We were migrating a client from Cisco traditional to Cisco Meraki. The client already had Cisco ISE running in their network, so it made sense to integrate Cisco ISE with the new Meraki networks. Meraki is used for LAN/WLAN. Some sites still run traditional Cisco.

Meraki's support for Cisco ISE has been steadily growing and hopefully this will only get better with time. It solved the challenge of having to redo the whole .1X setup. Unfortunately, we ran into an issue where Meraki doesn't support ISE returning named VLANs to dynamically drop users into their VLAN, so we had to work around that.

ISE is used for:

- Allowing corporate laptops to the wireless network (WPA2-Enterprise)
- Allowing wired corporate computers to the wired network, some of which are connected to an IP phone (802.1X, LLDP)
- Guest LAN and WLAN using LWA and self-registration
- BYODs are treated like guests and use home working techniques to reach corporate resources
- IoT devices are dropped into the IoT VLAN, sometimes having to resort to MAB to make it work, as a lot of IoT devices don't support .1X

Possible improvements:

- We're not using posturing yet, but it would make a nice addition to the architecture and it seems to be supported.
- Another thing that would be nice is to interface between ISE and the firewall using pxGrid.
- We could also go a bit further in the BYOD concept.

The schematic looks somewhat like this:

For those interested, more info about how to configure this can be found here:

https://community.cisco.com/t5/security-documents/how-to-integrate-meraki-networks-with-ise/ta-p/3618650
https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Configuring_the_MS_Access_Switch_for_Standard_VoIP_deployments

Disclaimer so you guys don't sue me: I'm not the engineer who configured all this, so there might be some inaccuracies, and I also don't necessarily know about every hurdle encountered.