Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1545
Views
0
Helpful
1
Replies

Integrating Meraki APs with ISE and Guest access - LWA

bberry
Level 1
Level 1

‎05-02-2022 07:40 AM - edited ‎05-02-2022 07:46 AM

Hello all,

 

I am working through setting up a Meraki AP to be integrated with ISE. I am following the document below as a start.

https://community.cisco.com/t5/security-documents/how-to-integrate-meraki-networks-with-ise/ta-p/3618650#toc-hId--1101926109

In the section about the Guest access they reference that the policy server needs to be publicly reachable on the internet. I am guessing this is so that the Meraki cloud can communicate with it? Rather than simply have the server wide open to the internet I am wondering if there is a list somewhere that can be used to limit exposure to this server from something more specific? At least only open on specific ports? I want this to be as secure as possible and am thinking there should be a best practice or something with more detail on setting this up. Maybe I am over thinking this too much?

 

Thanks ...

Labels:
0 Helpful
1 Reply 1

b_chancel
Level 1
Level 1

‎08-30-2022 12:40 PM

Go to Help > Firewall Info. It will list the IP addresses that you'll need to allow through your firewall. Most of them are outbound rules, so unless your firewall is restricting outbound access, you can ignore those. After you've specified your RADIUS server's information and have a setup configured for RADIUS authentication, you should see an entry for inbound traffic associated with RADIUS. As you'll see, you only need to permit UDP port 1812 (you can do 1813 as well) for the Meraki IP addresses listed in that entry. See attached for an example.

Preview file
55 KB
0 Helpful
Customers Also Viewed These Support Documents