Meraki

Community

About TedS

Re: Device Policy - Blocked on MX

by in Security & SD-WAN
‎Sep 11 2018 8:00 AM
‎Sep 11 2018 8:00 AM
I work at ForeScout.  I have a test bed to simulate one of my customer's environments.  They will have an MX, MRs and MS' at remote sites.  They will be using the MX switch ports as access ports if there are not enough switch ports available in the MS' at that branch office.    Once the ForeScout appliance determines that an unauthorized device has connected to the the MX, I want to prevent it from communicating to any local device using API calls.  It seems the only options I have available are DevicePolicy since the MX does not support COA. ... View more

Re: Device Policy - Blocked on MX

by in Security & SD-WAN
‎Sep 11 2018 7:01 AM
‎Sep 11 2018 7:01 AM
Hi Adam,   Thanks for the reply.  What if the only switch at the branch is in the MX, that meaning there are no MS switches? ... View more

Device Policy - Blocked on MX

by in Security & SD-WAN
‎Sep 11 2018 6:36 AM
‎Sep 11 2018 6:36 AM
Team,   I am trying to block a host from communication with other hosts on the same VLAN on a MX.  I am setting the Device Policy as blocked for the host.  The host can still communicate with other hosts on the same VLAN.  The is blocked from communicating with hosts on the Internet.   I saw this in the documentation: "...Firewall rule applied to block all communication with other devices on the Network (Only applies to traffic that traverses the Cisco Meraki Device that has the block is configured)..."     I guess what I am seeing is a L3 block at the firewall level, not the switch port level.  Can anyone confirm this is the case?   If it is the case, is there any other way to achieve the results that I am looking for?     Thanks for any replies! ... View more

Bouncing switch port after 802.1x COA VLAN change

by in Switching
‎Mar 23 2018 5:06 PM
‎Mar 23 2018 5:06 PM
Team,   I am issue COA messages to an MS-220 switch to change the VLAN.  The VLAN is changing fine which is great.  However, the port needs to bounce to trigger a DHCP renew.  I can't seem to find anything on how to do that.    I am following these two articles: https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Dynamic_VLAN_assignment_via_802.1X_(RADIUS)_for_MS_Switches     https://documentation.meraki.com/MS/Access_Control/Change_of_Authorization_with_RADIUS_(CoA)_on_MS_Switches Change of Authorization is used to change client authorizations in the following use cases: Reauthenticate RADIUS Clients Changing the VLAN for an existing client session when authentication via Wired 802.1x or MAC Authentication Bypass (MAB) is possible using CoA.  A port bounce will force the client to re-authenticate and assign the new VLAN.     Any Suggestions? ... View more
© 2024 Cisco Systems, Inc.