ABOVE IT: consigliere of your IT administration

A cloud-managed network requires a new kind of access management!

Cloud-managed networks require a new kind of access control. Cloud services bring savings in terms of IT infrastructure, but also new challenges to security. Cisco Access Manager is a modern, cloud-based access control solution integrated into the Meraki ecosystem, which facilitates secure network access without complex configurations. In this blog, I will introduce Cisco Access Manager, the new access control solution for Cisco Meraki networks.

Cisco Access Manager – Key Features

Cloud management is today’s standard, but network security cannot lag behind. Access Manager offers an easy and scalable way to manage access without separate RADIUS servers or complex configurations. Everything happens in the familiar Meraki Dashboard.

Cisco Access Manager was only recently made available for wholesalers to sell, and my own expectations regarding it were mainly related to integration with the Microsoft Entra ID directory and pricing. I heard about the upcoming product over a year ago, and at that time I was a bit startled by the estimates related to future prices. As a correctly priced product, the solution could change the market and pave the way for further cloud adoption. I was positively surprised when I heard the final price. I decided to buy NFR (Not for Resale) licenses immediately so that I could familiarize myself with the technology!

Here are some of the key benefits of Cisco Access Manager:

  • Zero Trust security: Every user and device can be identified before accessing the network.
  • Easy deployment: No physical NAC (Network Access Control) devices, everything in the cloud.
  • Integration with Microsoft Entra ID: User and group context directly from identity management.
  • Versatile authentication methods: EAP-TLS, EAP-TTLS, iPSK, and MAC Authentication Bypass for IoT devices.
  • Identity-based segmentation: Prevents lateral movement and restricts access only to necessary resources.

Practical experiences and limitations

It has been a pleasure to immediately test this new technology that has entered the market and to offer a Meraki-branded solution to our cloud-oriented customers. However, I have made a few observations about the solution.

  1. Cisco Access Manager is not intended for the very smallest organizations. The service requires MR access points and MS switches that support the technology. Above IT’s own small Teleworker Gateway and its integrated Wi-Fi access point do not currently recognize Access Manager as a RADIUS service, and the same is likely true for other smaller security devices with integrated Wi-Fi. Fortunately, we found an MR36 access point on our shelf, so I was able to test Access Manager with it.
  2. A certificate service is still required separately. It’s great that a cloud-based access control service has finally been integrated into Meraki cloud management, which integrates directly with the Entra ID cloud directory. However, if you want it to be a service that truly authenticates workstations to the network, certificates are needed. It would have been great if Access Manager had baked in some kind of lightweight cloud-based PKI (Public Key Infrastructure) solution to support the smallest organizations. This would have directly solved the access control needs of SMEs independently in the cloud. Now a separate PKI service is needed, either on a server or in the cloud. Fortunately, these are also available on the market as a cloud service, such as Microsoft’s own Cloud PKI included in Intune Suite licensing, which will be included in Microsoft 365 E5 licensing in the future. Thus, this is at least accessible to larger companies. It is worth noting, however, that many third-party cloud PKI services also include built-in cloud RADIUS services, so will they take market share from Cisco Access Manager? Well, at least Access Manager integrates fully into the Meraki cloud without separate configurations.
  3. For dynamic network configuration of switch ports, more expensive Advantage licenses are required for the switches, which may force companies to upgrade their Meraki network device licenses to a more expensive tier, if this is the part of the technology they wish to utilize in Meraki networks.

However, the technology is more than a welcome addition to the Meraki portfolio. In my own experiments, integrating cloud-based identities with Entra ID for access control needs was easy. Now, with the upcoming changes to Microsoft 365 E5 licensing, I can imagine the technology, together with Microsoft’s Cloud PKI, bringing a significant improvement to the security of cloud organizations concerned about network security!

Who is this solution for?

Cisco Access Manager is now finally generally available (GA). Licenses are available on a subscription model, with prices starting from about €6.50/user/year, which makes the solution a very cost-effective alternative compared to traditional NAC solutions or self-maintained RADIUS/NPS servers. The solution does indeed require certificate services in the background, but for those who don’t find this problematic, Access Manager brings an excellent addition to the security of Meraki networks.

Cisco Access Manager is a modern solution for organizations that want to combine Zero Trust security, the ease of cloud management, and the Meraki ecosystem. It does not yet solve everything on its own, but for Microsoft 365 organizations already utilizing Meraki networks, it is definitely a technology worth implementing to enhance security!

👉 Does your IT department want to solve local network access management? We have experience and insight into several cloud-based network access management and certificate solutions available on the market, as an integral part of cloud-based Microsoft 365 environments. We are also a Cisco partner specializing in environmental responsibility, at your service!
