cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About TedS

Re: Device Policy - Blocked on MX

by in Security / SD-WAN
‎09-11-2018 08:00 AM
‎09-11-2018 08:00 AM
I work at ForeScout.  I have a test bed to simulate one of my customer's environments.  They will have an MX, MRs and MS' at remote sites.  They will be using the MX switch ports as access ports if there are not enough switch ports available in the MS' at that branch office.    Once the ForeScout appliance determines that an unauthorized device has connected to the the MX, I want to prevent it from communicating to any local device using API calls.  It seems the only options I have available are DevicePolicy since the MX does not support COA. ... View more

Re: Device Policy - Blocked on MX

by in Security / SD-WAN
‎09-11-2018 07:01 AM
‎09-11-2018 07:01 AM
Hi Adam,   Thanks for the reply.  What if the only switch at the branch is in the MX, that meaning there are no MS switches? ... View more

Device Policy - Blocked on MX

by in Security / SD-WAN
‎09-11-2018 06:36 AM
‎09-11-2018 06:36 AM
Team,   I am trying to block a host from communication with other hosts on the same VLAN on a MX.  I am setting the Device Policy as blocked for the host.  The host can still communicate with other hosts on the same VLAN.  The is blocked from communicating with hosts on the Internet.   I saw this in the documentation: "...Firewall rule applied to block all communication with other devices on the Network (Only applies to traffic that traverses the Cisco Meraki Device that has the block is configured)..."     I guess what I am seeing is a L3 block at the firewall level, not the switch port level.  Can anyone confirm this is the case?   If it is the case, is there any other way to achieve the results that I am looking for?     Thanks for any replies! ... View more

Bouncing switch port after 802.1x COA VLAN change

by in Switching
‎03-23-2018 05:06 PM
‎03-23-2018 05:06 PM
Team,   I am issue COA messages to an MS-220 switch to change the VLAN.  The VLAN is changing fine which is great.  However, the port needs to bounce to trigger a DHCP renew.  I can't seem to find anything on how to do that.    I am following these two articles: https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Dynamic_VLAN_assignment_via_802.1X_(RADIUS)_for_MS_Switches     https://documentation.meraki.com/MS/Access_Control/Change_of_Authorization_with_RADIUS_(CoA)_on_MS_Switches Change of Authorization is used to change client authorizations in the following use cases: Reauthenticate RADIUS Clients Changing the VLAN for an existing client session when authentication via Wired 802.1x or MAC Authentication Bypass (MAB) is possible using CoA.  A port bounce will force the client to re-authenticate and assign the new VLAN.     Any Suggestions? ... View more
© 2023 Meraki