05-02-2022 07:40 AM - edited 05-02-2022 07:46 AM
Hello all,
I am working through setting up a Meraki AP to be integrated with ISE. I am following the document below as a start.
In the section about the Guest access they reference that the policy server needs to be publicly reachable on the internet. I am guessing this is so that the Meraki cloud can communicate with it? Rather than simply have the server wide open to the internet I am wondering if there is a list somewhere that can be used to limit exposure to this server from something more specific? At least only open on specific ports? I want this to be as secure as possible and am thinking there should be a best practice or something with more detail on setting this up. Maybe I am overthinking this too much?
Thanks ...
08-30-2022 12:40 PM
Go to Help > Firewall Info. It will list the IP addresses that you'll need to allow through your firewall. Most of them are outbound rules, so unless your firewall is restricting outbound access, you can ignore those. After you've specified your RADIUS server's information and have a setup configured for RADIUS authentication, you should see an entry for inbound traffic associated with RADIUS. As you'll see, you only need to permit UDP port 1812 (you can do 1813 as well) for the Meraki IP addresses listed in that entry. See attached for an example.