Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3634
Views
5
Helpful
5
Replies

ISE - Meraki

Go to solution
VVVENKAT
Cisco Employee
Cisco Employee

‎02-27-2018 05:45 AM

Hi All

I had a look at the ISE - Meraki integration guide How To: Integrate Meraki Networks with ISE

As per the doc, only dVLAN is supported with MS switches. Could you please confirm dACL is not supported with MS switches?

The doc also states that , inline posture node is required. Is it only for MX appliances?

Many Thanks

V.Venkata Manikandan

2 Accepted Solutions

Accepted Solutions

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎02-27-2018 11:34 AM

Hi,

I need to update the doc to remove the references to the inline posture node since 2.X does not support it.  MX still does not support URL-redirect with Session ID and RADIUS CoA.  As a result, it will not be able to participate in the more advanced use cases like posture.  As of now, the MS switch only support dynamic VLAN assignment.  They do not have support for any type of access lists currently.

Regards,

-Tim

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎02-27-2018 11:34 AM

Hi,

I need to update the doc to remove the references to the inline posture node since 2.X does not support it.  MX still does not support URL-redirect with Session ID and RADIUS CoA.  As a result, it will not be able to participate in the more advanced use cases like posture.  As of now, the MS switch only support dynamic VLAN assignment.  They do not have support for any type of access lists currently.

Regards,

-Tim

0 Helpful

Go to solution
VVVENKAT
Cisco Employee
Cisco Employee
In response to Timothy Abbott

‎02-28-2018 01:38 AM

Thanks Tim. I was wondering as ISE 2.x does not support iPEP.

Many Thanks

V.Venkata Manikandan

0 Helpful

Go to solution
umahar
Cisco Employee
Cisco Employee
In response to Timothy Abbott

‎12-14-2018 07:46 AM - edited ‎12-14-2018 07:49 AM

Tim,

 

Does Meraki support change of vlan since its an IETF avp ?

If redirection ACL is not supported maybe we can achieve something with a combination of Call Home List and Quarantine Vlan which restricts traffic to internal network via an upstream firewall or even a DACL.

0 Helpful

Go to solution
howon
Cisco Employee
Cisco Employee
In response to umahar

‎12-14-2018 01:39 PM

Which platform is this for? For MR/MS, URL redirect and CoA is supported. For MX, ISE 2.2 & AC4.4 supports posture without relying on URL redirect. However, CoA is required if enforcement is needed on MX platform which I am not sure whether supported or not. I suggest reaching out to Meraki team in regards to CoA support on MX platform.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents