ISE posture using meraki and call home list

aravikumar
Level 1

Hi All,

As Meraki MS series switches do not support named ACLs being pushed from ISE, we are using the Call Home List feature in ISE to configure posture. Posture is completing and the endpoint is being allowed access to the network. In our environment, the AD credentials of the user expired. From the login screen, the user will not have access to AD prior to authentication, so the user is forced to use the cached credentials (old credentials). In order to provide access to certain resources, including AD, prior to authentication, we should be able to push a named ACL from ISE to Meraki switches. But unfortunately this is not supported on Meraki switches. Even the URL redirected walled feature is supported from the MS 350 series and above, but using that is also not a feasible solution, as there might be "n" number of domain controller IPs in an environment.

I would like to know if there is any way to get around this or get this fixed?

Thanks,

Aravind Ravikumar

1 Accepted Solution

Accepted Solutions

This is a limitation of Meraki MS. Please work with the Meraki team to enter an enhancement request.

Regards,

-Tim


3 Replies 3

Surendra
Cisco Employee
How is the access being restricted prior to authentication? Allow access based on the ports 88, 389, 464, 3268, 3269, 53 instead of IP addresses. If you have any special services offered by the domain controllers apart from the ones mentioned here, please allow them too.

During or before posture redirection, there is only access to ISE PSNs. There is no way in the Meraki switch configuration (access policy) to allow the ports.
