Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
837
Views
2
Helpful
5
Replies

CISCO ISE and MERAKI LICENSE

Go to solution
wmendozaOpenlink
Level 1
Level 1

‎12-16-2023 04:30 PM

Hello team, I wanted to know if anyone knows if for MS390 and MR46 with Cisco ISE, an Enterprice license only in Meraki is enough? I have a little confusion with the Advance licenses for the use of adaptive policies and ISE

Can ISE use a license like Advantage for SGT usage and more, and can Meraki use Enterprice licenses? Or... do you necessarily need both licenses, that is, advantage in Cisco and advance in Meraki?
I see that with a solution like ISE clearly adaptive policies would no longer be needed since SGT would now be covered by ISE. It's right?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ammahend
VIP
VIP
In response to wmendozaOpenlink

‎12-16-2023 04:52 PM - edited ‎12-16-2023 04:57 PM

if you have Meraki infrastructure and want to build sgt based microsegmentation then you need adaptive policy hence you need advance licenses on meraki switches and AP, if you already have enterprise license then you need to purchase upgrade license. In this case i dont think you need ise advantage license, you can assign sgt using just enterprise license also, now what you want to do with sgt is based on policy, which is created on meraki dashboard. 

if you have Cisco infrastructure and want to do sgt based microsegmentation then you need trustsec capable cisco devices and cisco ise with advance license. in this case the policy is built on ISE itself and pushed down to cisco devices. 

-hope this helps-

View solution in original post

5 Replies 5

Go to solution
ammahend
VIP
VIP

‎12-16-2023 04:35 PM - edited ‎12-16-2023 04:41 PM

if you need to do adaptive policy you need advance licenses on your AP and MS390 irrespective of what license you have on ISE, the tagging can come natively from meraki or can be assigned by ISE as part of authorization (which is preferred method).

Also, dont confuse trustsec with adaptive policy, they both use sgt but meraki adoption is different, adaptive policy does not require policy matrix to be created in ISE unlike trustsec, you build the policy in Meraki dashboard itself, only sgt are assigned by ISE.  

-hope this helps-

Go to solution
wmendozaOpenlink
Level 1
Level 1
In response to ammahend

‎12-16-2023 04:44 PM

I'm a little confused here, if i understand that Adaptive Policy use SGT, correct? and ISE uses SGT (TrustSec), is that correct? What I mean is that adaptive policies wouldn't really be necessary if you use ISE with advantage licenses, am I correct?

0 Helpful

Go to solution
ammahend
VIP
VIP
In response to wmendozaOpenlink

‎12-16-2023 04:52 PM - edited ‎12-16-2023 04:57 PM

if you have Meraki infrastructure and want to build sgt based microsegmentation then you need adaptive policy hence you need advance licenses on meraki switches and AP, if you already have enterprise license then you need to purchase upgrade license. In this case i dont think you need ise advantage license, you can assign sgt using just enterprise license also, now what you want to do with sgt is based on policy, which is created on meraki dashboard. 

if you have Cisco infrastructure and want to do sgt based microsegmentation then you need trustsec capable cisco devices and cisco ise with advance license. in this case the policy is built on ISE itself and pushed down to cisco devices. 

-hope this helps-

Go to solution
wmendozaOpenlink
Level 1
Level 1
In response to ammahend

‎12-16-2023 05:10 PM

Well, this is the case of a client who wants a Meraki infrastructure, and wants to involve an ISE, for this reason I see that it is better to use ISE for SGT, and the basic licenses in Meraki, I think that also ISE ends up being a little more robust than Meraki Adaptive Policy

0 Helpful

Go to solution
ammahend
VIP
VIP
In response to wmendozaOpenlink

‎12-16-2023 07:10 PM - edited ‎12-17-2023 04:46 PM

As i mentioned before if they have Meraki infrastructure with MS390 or new 9300-M, they need Meraki advanced license to do adaptive policy irrespective of what license you have on ISE,  If they dont want to do adaptive policy, then they dont need advance license. 

review this document

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Adaptive_Policy/Adaptive_Policy_Overview

-hope this helps-
0 Helpful
Customers Also Viewed These Support Documents