Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
267
Views
0
Helpful
1
Replies

Cisco ISE with Meraki Group Policies

Go to solution
Leonardo Santana
Spotlight
Spotlight

‎08-15-2024 05:45 AM

Hi,

Its possible to change the vlan assignament at the SSID using MERAKI group policies?

SSID: CORP

We have three different rules that will assign the authorization profile to three diferent vlans

Scenario: Meraki APs
Cisco ISE 3.1

Regards
Leonardo Santana

*** Rate All Helpful Responses***
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ccieexpert
Spotlight
Spotlight

‎08-16-2024 11:50 AM

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/VLAN_Tagging

 

A per-user VLAN tag can be applied in 3 different ways:

  1. The RADIUS server returns a Tunnel-Private-Group-ID (e.g. 500), Tunnel-Type (VLAN), and Tunnel-Medium-Type (IEEE-802) attributes in the Access-Accept message, which specifies the VLAN ID that should be applied to the wireless user. This VLAN ID could override whatever may be configured in the MMC (which could be no VLAN tagging, or a per-SSID VLAN tag). To have this VLAN ID take effect, “RADIUS override” must be set to “RADIUS response can override VLAN tag” under the Configure tab on the Access Control page in the “VLAN setup” section.
  2. The RADIUS server returns a group policy attribute (e.g., Filter-ID) in the Access-Accept message. The group policy attribute specifies a group policy that should be applied to the wireless user, overriding the policy configured on the SSID itself. If the group policy includes a VLAN ID, the group policy’s VLAN ID will be applied to the user.
  3. On the Client Details page, a client can be manually assigned a group policy. If the group policy includes a VLAN ID, the group policy’s VLAN ID will be applied to the user.  

View solution in original post

0 Helpful
1 Reply 1

Go to solution
ccieexpert
Spotlight
Spotlight

‎08-16-2024 11:50 AM

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/VLAN_Tagging

 

A per-user VLAN tag can be applied in 3 different ways:

  1. The RADIUS server returns a Tunnel-Private-Group-ID (e.g. 500), Tunnel-Type (VLAN), and Tunnel-Medium-Type (IEEE-802) attributes in the Access-Accept message, which specifies the VLAN ID that should be applied to the wireless user. This VLAN ID could override whatever may be configured in the MMC (which could be no VLAN tagging, or a per-SSID VLAN tag). To have this VLAN ID take effect, “RADIUS override” must be set to “RADIUS response can override VLAN tag” under the Configure tab on the Access Control page in the “VLAN setup” section.
  2. The RADIUS server returns a group policy attribute (e.g., Filter-ID) in the Access-Accept message. The group policy attribute specifies a group policy that should be applied to the wireless user, overriding the policy configured on the SSID itself. If the group policy includes a VLAN ID, the group policy’s VLAN ID will be applied to the user.
  3. On the Client Details page, a client can be manually assigned a group policy. If the group policy includes a VLAN ID, the group policy’s VLAN ID will be applied to the user.  
0 Helpful
Customers Also Viewed These Support Documents