ACL migration from WLC to Meraki Group policies for ISE posturing and CoA

Madhan kumar G — Fri, 08 Jul 2022 16:50:32 GMT

Hi,

ISE is used for posturing.

During migration from Cisco WLC to Meraki Wireless, existing setup has ACLs created in WLC. Now we are configuring similar group policies in Meraki. Using Airspace ACL attribute for deciding the ACL.
Do we have to keep permit and deny as it is in WLC or need to inverse them in Meraki?
Confusion is because of redirect ACLs
Please clarify.

Re: ACL migration from WLC to Meraki Group policies for ISE posturing and CoA

joey.debra — Sat, 09 Jul 2022 17:42:28 GMT

Meraki does not use the concept of redirect ACL. This document outlines your use case https://documentation.meraki.com/MR/Encryption_and_Authentication/Device_Posturing_using_Cisco_ISE

Basically you need to choose the ISE portal authentication and the URL that is passed from ISE will be used.
Don't forget to put ISE IP's in the walled garden to avoid having the redirect loop (which kind of acts as your preauth ACL).

If you apply any ACL AFTER authentication you will have to pass Filter-ID or Airespace-ACL which have regular permits and denies and will not be inverted.

topic ACL migration from WLC to Meraki Group policies for ISE posturing and CoA in Wireless

ACL migration from WLC to Meraki Group policies for ISE posturing and CoA

Re: ACL migration from WLC to Meraki Group policies for ISE posturing and CoA