Hello all,

I wanted to get a better understanding of how this works: https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)

On Wi-Fi it’s obviously pretty easy now to set up an SSID that does automatic 802.1X authentication for any device on any OS that is enrolled in Meraki MDM (and place self-enrollment behind a login users don’t have) and a separate SSID for guest users. All of our desktops/mobile are in the Meraki MDM.

I was hoping to do the same thing on (at least) some subset of our LAN ports:

Allow Ethernet devices enrolled in our MDM to have access and restrict anything else (Mac and PC!)

Or more ideally:

Allow Ethernet devices enrolled in our MDM to have access and dump anything else on a guest VLAN (Mac and PC!)

I don’t have Meraki switches yet, nor do I plan to invest in Cisco ISE at the moment.

If I hang an MS switch off non-Meraki switching, would I be able to use the Sentry/802.1X capability on a specific VLAN (and perhaps be able to use the “guest” VLAN) with single host mode? When looking at settings on a test dashboard network this seems to be the case?

Looking at capabilities, in *THEORY* the same thing is possible if running the relevant ports through something like a MR30H? Or perhaps via one of the MX appliances? Depending on the scenario/cost we could probably wire the ports in question directly.

(Edit: an old thread with a screenshot of the Wi-Fi network I would like to duplicate: https://community.meraki.com/t5/Security-SD-WAN/Meraki-Wifi-style-Sentry-802-1x-on-wired-LAN/m-p/5185#M1334 )

Thanks
Hello all,

I am trying to reproduce a security configuration from our Meraki wireless on a wired network that would consist of regular Cisco switches and, I assume, a single-armed Meraki MX. I am wondering if it is in any way possible (see attached). Basically, the end result of this configuration: any device that is on our Meraki MDM is allowed to access this SSID via certificate authentication; all other devices receive a login prompt (that only has admin users anyway), and even then it only allows MDM enrollment, effectively blocking all non-enrolled devices.