Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

About danxr

Re: MR behind a MX with dot1x/mab and ISE for radius. Wireless clients show...

by in Wireless
3 weeks ago
3 weeks ago
  Yes, it would appear so (based on meraki event logs). Does the issue have to do with multiple host auth on Merakis?   Is there an effective way to apply NAC to the MX interfaces with an MR connected to it? ... View more

MR behind a MX with dot1x/mab and ISE for radius. Wireless clients show up ...

by in Wireless
3 weeks ago
3 weeks ago
I have a wireless client (Windows native supplicant) connecting to a dot1x SSID on a Meraki MR AP. The MR is wired to the MX, and on the MX interface connected to the AP, there is a hybrid access policy. We also run ISE as the radius servers. The intent is to have the MR APs connect with mab auth (ISE has an already populated identity group with the AP MAC addresses), and any other wired or wireless device to use dot1x to authenticate. Everything works fine, but we have come to notice that when wireless clients connect to the SSID, we see both the dot1x and mab authentication. We don't plan on keeping or building out a mac identity group in ISE for wireless client MACs. Is there a way to disable mab on the Meraki for these clients, but keep mab enabled for the AP? Is there a way to truly lockdown the MAB authentication/authorization policy in ISE in this setup?   Anyone else encounter something like this? ... View more
Labels:
© 2024 Cisco Systems, Inc.