Hello all, I wanted to get a better understanding how this works : https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X) On WIFI it’s obviously pretty easy now to set up a SSID that does automatic 802.1X authentication for any device on any OS that is enrolled in meraki MDM (and place self-enrollment behind a login users don’t have) and a separate SSID for guest users. All of our desktops/mobile are in the Meraki MDM. I was hoping to do the same thing on (at least) some subset of our LAN ports Allow ethernet devices enrolled in our MDM to have access and restrict anything else (mac and pc!) Or more ideally: Allow ethernet devices enrolled in our MDM to have access and dump anything else on a guest vlan (Mac and pc!) I don’t have meraki switches yet nor do I plan to invest in cisco ISE at the moment. If I hang a MS switch off non meraki switching would I be able to use the sentry/802.1x capability on a specific VLAN (and perhaps be able to use the “guest’ vlan) with single host mode? When looking at settings on a test dashboard network this seems to be the case? Looking at capabilities, in *THEORY* the same thing is possible if running the relevant ports through something like a MR30H ? Or perhaps via one of the MX appliances? Depending on the scenario/cost we could probably directly wire the ports in question directly (edit, an old thread with screenshot of the wifi network I would like to duplicate: https://community.meraki.com/t5/Security-SD-WAN/Meraki-Wifi-style-Sentry-802-1x-on-wired-LAN/m-p/5185#M1334 ) thanks
... View more
