Meraki

Community

About arom

Re: VLAN trunk on AP

by in Wireless
‎Jul 22 2024 11:40 PM
‎Jul 22 2024 11:40 PM
Hi Karstenl and thanks for the information. Your suggestion is exactly the configuration I screenshot above. The AP is on the same VLAN as the native VLAN (VLAN 100) on the trunk. The WLAN's is tagged to VLAN 40 (working) and VLAN 100 (not working).   Or maybe I misunderstood you? ... View more

VLAN trunk on AP

by in Wireless
‎Jul 22 2024 11:19 PM
‎Jul 22 2024 11:19 PM
Hi team, Im trying to figure out two separate problems that both have to do with VLAN tagging from AP. Can't configure static IP on AP when tagging VLAN 100. Client can't get an IP-address when connecting to a SSID that is tagged VLAN 100.   So first and foremost, here is the switch trunk configured for the AP:   As for the first problem, if I configured static IP on the AP and tag it with VLAN 100, it doesn't work. BUT if i remove the tag on VLAN 100 and keep the rest of the configuration, it works. Why is that?   As for the second problem. I have two different SSID's configured. One that is getting tagged to VLAN 40, and the other getting tagged to VLAN 100. The SSID to VLAN 40 works great, but the one on VLAN 100 doesn't work (the client can connect to the SSID but is not getting any IP address).   Please help me with this as i really cant understand what configuration is wrong.    Thanks! ... View more

Re: Endpoint stuck on "Critical VLAN"

by in Switching
‎Feb 17 2024 3:34 AM
‎Feb 17 2024 3:34 AM
Interesting finding, thank you for the information! Strange that the setting is not enabled by default. I have reached out to the support now 🙂 ... View more

Endpoint stuck on "Critical VLAN"

by in Switching
‎Feb 17 2024 3:02 AM
‎Feb 17 2024 3:02 AM
Hi team,   We are currently testing out Cisco ISE with Meraki MS120-switches. When testing out the "Critical VLAN" feature, we noticed that the endpoint/switchport somehow got stuck on the mode. The test was created as per the following: 1. Disconnected the endpoint from the switchport. 2. Changed the PSK to a faulty PSK on the access policy on the switch (to simulate that the switch cannot communicate towards the ISE server). 3. Connected the endpoint, and the endpoint was successfully put on the Critical VLAN which is good. 4. We changed back the PSK to the correct one in the access policy, and here the switch/switchport never tried to reauthenticate again. We disconnected/connected the device several times to the switchport but every time the endpoint got registered to the Critical VLAN. In ISE, we couldn't see that the endpoint tried to authenticate.   To resolve the issue, we reconfigured the switchport from cisco ise policy to "open", and then back to cisco ise policy, and after that the endpoint did a successful authentication again.   Is this by design, or a bug?  ... View more

Re: Profiling

by in Switching
‎Nov 27 2023 1:18 AM
‎Nov 27 2023 1:18 AM
I want to thank you for your responses and help with the questions I had. I will create a case to Meraki and Cisco to see if there is a way to use ISE pxGrid to fetch information from Meraki's API and use that information to make decisions about authorizations. If anyone is interested in this use case, I can return later to this post and summarize my findings 🙂   Best regards, arom ... View more

Re: Profiling

by in Switching
‎Nov 26 2023 11:18 PM
‎Nov 26 2023 11:18 PM
Thanks. Im very familiar with these modules and worked with them before. The modules are great but only works on devices that have support for an agent. The profiling scenarios i'm interested in has to agent-less as most devices that are of interest can't run an agent unfortunately. ... View more

Re: Profiling

by in Switching
‎Nov 26 2023 11:03 AM
‎Nov 26 2023 11:03 AM
I have read this article (have a link to it in the post). The last section explains the limited profiling capabilities with Meraki and ISE, but I want to believe there is more support to it with pxGrid or similar, as other vendors have solved it! ... View more

Re: Profiling

by in Switching
‎Nov 26 2023 11:01 AM
‎Nov 26 2023 11:01 AM
Yeah maybe! Just wanted to see if anyone in the community had some experience around this. ... View more

Profiling

by in Switching
‎Nov 26 2023 1:27 AM
2 Kudos
‎Nov 26 2023 1:27 AM
2 Kudos
Hello team!   I'm researching on what type of profiling capabilities there is when using Meraki (in this case MS120) and NAC/ZT solution.   I've looked into Cisco ISE, Forescout, Aruba Clearpass and FortiNAC.   Looking at the official Cisco ISE support for profiling, there is basically only support for LLDP/CDP and RADIUS calling-stations-id attribute (https://community.cisco.com/t5/security-knowledge-base/how-to-integrate-meraki-networks-with-ise/ta-p/3618650). Other vendors, like Aruba and Forescout, tells me they can fetch information from Merakis API to get profiling information on devices and use that information to perform decisions on authorizations.   So my questions is: 1. Anyone knows why there is no official support for Cisco ISE integrating with Meraki's API over pxGrid? 2. Has anyone tried integrating Meraki's API to NAC-solutions, like above mentioned, for profiling purposes, and what was the result? Did it work as expected and what kind of capabilities can you expect?   Thanks and best regards, arom ... View more
My Top Kudoed Posts
View all
© 2024 Cisco Systems, Inc.