This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
I have a customer that is using Meraki MR AP and they want to authenticate users on AD, but tying each user to their PC (MAC Address). I know that with ISE we can do it, but I dont know if Meraki MR, using 802.1X PEAP-MSCHAP, sends Calling Station ID attribute or similar to tie the wireless device. Do you know if is it possible or ideas to do it?
Thanks in advanced
Solved! Go to Solution.
Calling Station ID is a pretty RADIUS attribute and I'm pretty sure the MR access point have this functionality. What I don't understand is how you are trying to tie the user and machine together. Are you looking for something link EAP-Chaining?
Thanks Tim. Is more simple my request
My customer is looking for a way to authorize access to an user just if it is using their assigned PC.
I think to put in AD a field attribute as user’s PC MAC address and using 802.1X PEAP-MSCHAP, send from ISE an authentication request with user/password and get from AD this attribute to compare with calling station ID attribute ( if Meraki sends it on Radius request). It will work?
De: Timothy Abbott <email@example.com>
Responder a: "firstname.lastname@example.org" <email@example.com>
Fecha: jueves, 6 de abril de 2017, 11:05
Para: "Mauricio Fuentes (maufuent)" <firstname.lastname@example.org>
Asunto: Re: - Meraki MR and ISE integration
Cisco Communities <https://communities.cisco.com/>
Meraki MR and ISE integration
reply from Timothy Abbott<https://communities.cisco.com/people/tiabbott> in Technology > Security Community > Policy and Access > Identity Services Engine (ISE) - View the full discussion<https://communities.cisco.com/message/251188#251188>
Perhaps, you want to consider this Deny and allow workstation logons with Group Policy – 4sysops
Please remember to add ISE PSNs to the list, tho.