Switches with a NAC for Security

Announcing Change of Authorization and enhanced ISE support, now available for MS switches

Happy Halloween! Here at Cisco Meraki we recognize that network security is a crucial part of any IT deployment. As mobile device adoption continues to skyrocket, security is becoming increasingly cumbersome to manage and oversee – particularly in large or highly distributed networks. In response to this, Network Access Control (NAC) solutions have evolved to support dynamic policy enforcement, going beyond the static one-and-done configuration approach of networks past. This enables more streamlined policy control over all users and devices while reducing complexity and opportunities for human error.

We are excited to announce that RADIUS Change of Authorization (CoA), a key feature for enabling deeper integration with NAC solutions, is now available in public beta. Once CoA is enabled, Meraki switches will act as a RADIUS Dynamic Authorization Server and will respond to RADIUS Change-of-Authorization and Disconnect messages sent by a RADIUS server. CoA can be configured easily using the Access Policies page in dashboard:

Access Policy with CoA

There are a variety of NAC solutions available in the market, including Cisco’s own Identity Services Engine (ISE), Bradford Network Sentry, and Forescout CounterACT® just to name a few. With the addition of CoA and RADIUS accounting, NAC solutions can now further integrate with Meraki switches for comprehensive policy enforcement and network access control.

This feature is included in our new switch firmware, which will be available to all Meraki switch customers soon.  You can learn more about how the feature is configured here, or if you would like to make use of this new capability right away you can contact our Support team via the Get Help page in Dashboard and we’ll be happy to get an upgrade scheduled for you.