Cloud Technology

What are the best practices for securing Cisco Meraki wireless networks in a hybrid work model?

PA Asked by Patricia Moore · 05-01-2023
0 upvotes 5,241 views 0 comments
The question

Our company uses Cisco Meraki for our branch offices, but with more employees bringing in outside devices, I am worried about security. What are the best ways to implement Zero Trust and WPA3 across our Meraki APs without ruining the user experience for our non-technical staff? 

3 answers

0
E
Answered on 12-02-2023

 For Meraki environments, the most effective approach is integrating Cisco ISE for Identity-Based Networking. You can create granular Group Policies that apply automatically based on the user's login credentials. I recommend enabling Adaptive Policy using SGTs (Scalable Group Tags). This allows you to segment traffic without complex ACLs. Also, ensure you have Umbrella integration toggled on within the Meraki dashboard. This provides a DNS-layer security veil that protects users even if they bypass traditional firewalls, which is crucial for a hybrid workforce using various devices. 

0
TH
Answered on 15-02-2023

Would implementing Cisco ISE with Meraki be too complex for a small IT team to manage, or is the dashboard integration seamless enough that we won't need a dedicated security expert? 

PA 18-02-2023

Thomas, while ISE has a reputation for being complex, the Meraki-ISE integration has improved significantly. For a small team, you might consider using "ISE-PIC" or the cloud-based version. It automates much of the certificate handling. Once the initial RADIUS handshake is configured, the day-to-day management of wireless clients is handled almost entirely through the friendly Meraki interface.

0
CH
Answered on 20-02-2023

Definitely look into the Meraki Systems Manager (MDM). If you can control the endpoint security posture before they even connect to the SSID, you've won half the battle with your Zero Trust. 

EL 22-02-2023

I agree with Christopher. Combining MDM with the Meraki health checks ensures that only patched and encrypted devices get onto the sensitive parts of the corporate network.

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

Book Free Session