Our company uses Cisco Meraki for our branch offices, but with more employees bringing in outside devices, I am worried about security. What are the best ways to implement Zero Trust and WPA3 across our Meraki APs without ruining the user experience for our non-technical staff?
3 answers
For Meraki environments, the most effective approach is integrating Cisco ISE for Identity-Based Networking. You can create granular Group Policies that apply automatically based on the user's login credentials. I recommend enabling Adaptive Policy using SGTs (Scalable Group Tags). This allows you to segment traffic without complex ACLs. Also, ensure you have Umbrella integration toggled on within the Meraki dashboard. This provides a DNS-layer security veil that protects users even if they bypass traditional firewalls, which is crucial for a hybrid workforce using various devices.
Would implementing Cisco ISE with Meraki be too complex for a small IT team to manage, or is the dashboard integration seamless enough that we won't need a dedicated security expert?
Definitely look into the Meraki Systems Manager (MDM). If you can control the endpoint security posture before they even connect to the SSID, you've won half the battle with your Zero Trust.
I agree with Christopher. Combining MDM with the Meraki health checks ensures that only patched and encrypted devices get onto the sensitive parts of the corporate network.
Thomas, while ISE has a reputation for being complex, the Meraki-ISE integration has improved significantly. For a small team, you might consider using "ISE-PIC" or the cloud-based version. It automates much of the certificate handling. Once the initial RADIUS handshake is configured, the day-to-day management of wireless clients is handled almost entirely through the friendly Meraki interface.