Showing results for 
Search instead for 
Did you mean: 

Integrating Meraki APs with ISE and Guest access - LWA


Hello all,


I am working through setting up a Meraki AP to be integrated with ISE. I am following the document below as a start.

In the section about the Guest access they reference that the policy server needs to be publicly reachable on the internet. I am guessing this is so that the Meraki cloud can communicate with it? Rather than simply have the server wide open to the internet I am wondering if there is a list somewhere that can be used to limit exposure to this server from something more specific? At least only open on specific ports? I want this to be as secure as possible and am thinking there should be a best practice or something with more detail on setting this up. Maybe I am over thinking this too much?


Thanks ...

1 Reply 1


Go to Help > Firewall Info. It will list the IP addresses that you'll need to allow through your firewall. Most of them are outbound rules, so unless your firewall is restricting outbound access, you can ignore those. After you've specified your RADIUS server's information and have a setup configured for RADIUS authentication, you should see an entry for inbound traffic associated with RADIUS. As you'll see, you only need to permit UDP port 1812 (you can do 1813 as well) for the Meraki IP addresses listed in that entry. See attached for an example.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers