Trying to get my head around how WLANs advertised on Meraki APs work in an SD-Access environment.
- Meraki AP connected to a fabric enabled SD-Access switch port
- Meraki obviously doing local switching (FlexConnect mode), where data traffic for each WLAN is dumped onto the fabric switchport.
- Meraki AP doing RADIUS with ISE for WLAN-Corp but no RADIUS for WLAN-Guest (instead using Meraki captive portal)
So how does this actually work? I see a few issues: for WLAN-Guest, Meraki just dumps the guest user into a VLAN (say VLAN 10), and ISE has no notion of the guest endpoint except for the MAC address of the guest that shows up on the fabric-enabled switchport (is my understanding correct)? So on ISE I guess we need to somehow match this guest MAC address, then have an authz policy to tell SDA to put the guest into the correct VN, SGT, IP Pool?
For WLAN-Corp, where Meraki is using ISE for RADIUS, we authenticate the corp user and set the SGT and have the same SGT value created on Meraki dashboard's Adaptive Policy Group Tag setting? But how do we set the SDA VN and IP Pool for this Wi-Fi user when their traffic hits the fabric-enabled port?
Is just setting the SGT via ISE enough (with a matching SGT on Meraki as the Adaptive Policy Group Tag)? Would this be enough for the fabric-enabled switch to know what to do?
I think I am missing something fundamental here. Is there any guide explaining in detail how Meraki AP FlexConnect mode can work with SDA?