Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3245
Views
0
Helpful
3
Replies

Best solution - ISE vs Meraki

kakins@alix
Level 1
Level 1

‎07-03-2018 09:04 AM - edited ‎03-01-2019 08:48 AM

Hello community,

My security team currently uses ISE for both sponsored guest wireless authentication and corporate wireless authentication (also used for "device administration" for TACACS+ and RADIUS). We recently upgraded to ISE 2.3. At the same time, the network team has been replacing our Cisco APs with Meraki APs (cloud-managed). We've had a few integration issues between Meraki and ISE that we are working through, specifically on the guest side and we are trying to make the user experience as smooth as possible. The network team has suggested switching guest wireless access and authentication totally over to Meraki.

We are planning to really ramp up using ISEs security features in the coming months (device posture, NAC, BYOD.). I want to make sure we don't cut guest over to Meraki and not be able to take advantage of ISE's security features when it can see all devices and authentication attempts. Any suggestions on whether we should keep the guest wireless authentication process on ISE or move guest over to Meraki where the Meraki's would manage the complete process for guest authentication?

Thanks!

Labels:
0 Helpful
3 Replies 3

thomas
Cisco Employee
Cisco Employee

‎07-03-2018 01:40 PM

Please see the ISE Design & Integration Guides > How To: Integrate Meraki Networks with ISE for specific configurations and steps to integrate ISE with Meraki if you haven't seen it already.

You have not specified your customer's Guest requirements other than "trying to make the user experience as smooth as possible" which isn't an actual Guest scenario. ISE can do Hotspot, Self-registered and Sponsored Guest scenarios. If you need to better understand these and the many options, I suggest you watch the https://cs.co/selling-ise-training > ISE 4D: Discover, Design, Demo Defend VoDs > ISE - Feature : Guest Access - Video to better understand the ISE Guest capabilities and compare them with Meraki's Guest capabilities.

You may experience the ISE Guest scenarios yourself using our ISE Demo/POV infrastructure in dCloud with your Cisco AP @ Cisco ISE 2.3 Secure Access Wizard v1.

0 Helpful

kakins@alix
Level 1
Level 1
In response to thomas

‎07-03-2018 04:57 PM

Hello Thomas, thanks for your response. We actually already in place with Meraki. I have it configured for Sponsored Guest and thinking of making it simpler based on our requirements by switching to using a key that we just rotate at some interval (day, week, etc.). My question is whether in the long run ISE gives me many more capabilities (considering we are going to start using many more of the security features of ISE soon). Just looking for opinions on which solution is most robust.

0 Helpful

thomas
Cisco Employee
Cisco Employee
In response to kakins@alix

‎07-10-2018 08:01 AM

Again, I don't know your requirements other than Simpler.

Hotspot is the simplest. It sounds like you want to do require an access code in your Hotspot portal which ISE supports:

I believe ISE is more robust.

BTW, not sure why you've posted this under the Data Center area for Announcements and Events. I suggest posting under Enterprise or Security next time which is where ISE lives and we monitor more closely.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card