02-01-2023 10:35 PM
Hello All,
We have ISE, WLC and AP 9100 series and Catalyst switches 9300 series. All ports are configured for 802.1X. When AP connects to port it uses credential (configured on WLC) to authenticate with ISE and after successful authentication the port is turned into trunk port. Can Meraki APs authenticate with ISE in the same way ? Due to long delivery time of Cisco APs customer wants to use Meraki AP.
Regards,
An
Solved! Go to Solution.
02-02-2023 10:48 AM
hello @nupagazi , I would check it out depending on the model of AP you want to implement to see if such functionality exist that allows you to authenticate the AP as supplicant , it it does from the point of view of ISE it will be the same as any other dot1x authentication . In case there is no dot1x feature on the AP what you can attempt is to use profiling with ISE to allow the AP get access into your network once identified.
Let me know if that helped you.
02-07-2023 12:15 AM
I have found workaround solution for this. If we use both Meraki APs and switches, then we can use feature called SecurePort (SecureConnect) to authenticate APs.
https://documentation.meraki.com/MS/Access_Control/SecurePort_(formerly_known_as_SecureConnect)
02-01-2023 11:10 PM
- FYI : https://documentation.meraki.com/MR/Encryption_and_Authentication/Device_Posturing_using_Cisco_ISE
M.
02-01-2023 11:25 PM
Thanks Marce100 for the link but it is not what I am looking for. What I want is "when a switch port is configured for 802.1x, how Meraki AP is connected to that port and passes the authentication ?"
Regards,
An
02-02-2023 10:02 AM
Why do you want to authenticate the AP at all? I'm not sure if Meraki APs have a supplicant on their ethernet port.
02-02-2023 10:02 PM
Customer does not want any device can plug into the port, a device must pass the authentication before getting access.
Regards,
An
02-02-2023 10:48 AM
hello @nupagazi , I would check it out depending on the model of AP you want to implement to see if such functionality exist that allows you to authenticate the AP as supplicant , it it does from the point of view of ISE it will be the same as any other dot1x authentication . In case there is no dot1x feature on the AP what you can attempt is to use profiling with ISE to allow the AP get access into your network once identified.
Let me know if that helped you.
02-02-2023 10:04 PM
Hello Rodrigo,
Thank you for suggestion. Le me have a search into that.
Regards,
An
02-07-2023 12:15 AM
I have found workaround solution for this. If we use both Meraki APs and switches, then we can use feature called SecurePort (SecureConnect) to authenticate APs.
https://documentation.meraki.com/MS/Access_Control/SecurePort_(formerly_known_as_SecureConnect)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: