Cisco ISE + Meraki, part 2

It works!

Specifically, I now have ISE authenticating users for my Meraki AP. Given membership in the appropriate AD group, ISE pushes an “Airespace-ACL-Name” that matches a group policy on the Meraki side. That group policy changes the user’s VLAN to one with WCCP redirect to a Cisco vWSA, and boom, web filtering!

I’ll post pics of the configuration at some point. Said point will likely happen sooner upon request, otherwise just know that it’s possible and I’ll put details up as soon as I can.

Studying for the CCIE

After taking that practice test, I realized that I need some study on a bunch of the RF parts of wireless. I can make it go, no problem, but can I tell you what a beacon frame contains? Apparently not.

I went to Barnes & Noble and was disappointed to find that their computer book section is now a shelf (not an aisle, a shelf), and it contains mostly Photoshop books. I really wanted to flip through one before I bought it; surfing on Amazon just isn’t the same.

So no book.

I talked to a friend that is also working on his and we are going to share lab equipment, at least. So that’s some progress.

Cisco ISE + Meraki AP

I’m cruising around in the Meraki GUI today and I notice that there’s an option to use my own RADIUS server. Cool, I think to myself – I can use ISE to authenticate and authorize my users while still using my Meraki AP!

(Why not a Cisco AP? My controller is suffering from a lack of magic blue smoke at the moment and I don’t feel like converting the APs back to standalone mode.)

Anyway.

[Screenshot: Access Control Configuration - Meraki Dashboard]

Cool! Are there settings? Yes, yes there are:

[Screenshot: Access Control Configuration - Meraki Dashboard]

Hit the big test button, and ISE says no. A quick Google finds me a blog post wherein someone else already worked out the problem. With those adjustments made, boom, ISE is authenticating users on a Meraki SSID.

The next challenge is to get ISE to force proxy settings upon those users…

Getting a Wireless CCIE

I was talking (ok, emailing, whatever) with a customer of mine last week and the subject of the CCIE came up. Said customer was asking me for some help on getting started studying. After throwing him some information that I scraped together, I thought to myself…

Surely I can do this too.

One of the resources that I had shared was the quizzer that ipexpert.com sells. Lots of questions, mostly on topic, and vaguely similar to the kind of stuff that gets asked on the test. So I bought it.

As it turns out, the number of questions was more than I had time to deal with at that moment.

My first, cold, dry run on the CCIE Wireless quizzer.

Still. Not feeling too bad about it considering this was spontaneous, without studying.

Lesson #1: Quit screwing around and just go try it. Don’t buy the book, don’t dither about wondering whether or not you are ready. Go try a practice test.

Not pictured (because hey, I’m a Cisco SE, this is embarrassing enough already) is the detail they give you back on what stuff you know and what you need work on.

Now it’s time to buckle down with a book and the Internet and learn the parts I couldn’t BS my way through.