Security

All,

I'm currently working with a customer that has a Meru infrastructure running 7.0.8-0. We've been able to setup OnBoarding, OnGuard, and the initial ClearPass Guest authentication, without too much of an issue.

We're currently stuck trying to figure out how we will do MAC Caching. We are running into two separate issues. The first is that when a user fails "MAC Filtering" we are not able to fail open to the Captive Portal page. 

The second issue is a little more complex. Here's what is happening:

1. The user connects to the captive portal SSID and is successfully authenticated into the network if they have previously been sponsored.

2. The user is bound to the ESS Profile in Meru for ClearPass Guest.

3. The user is presented the Captive Portal once again. The Captive Portal is tied to that ESS Profile and I haven't had any luck finding a RADIUS attribute to bypass this.

One awful workaround would be to have a separate Guest MAC Caching SSID that would be used to authenticate users that are still valid within ClearPass Guest. This seems beyond kludgy to me, and I'd really like to avoid it.

Thanks for any help that you can offer!

-Mike

not trying to chase you away, but both seem more Meru issues then Aruba. so perhaps someone here has built something like this and can help out, but i certainly would also engage Meru support or community on this.

Hi Boneyard,

Agreed. I was curious if anyone had found a way to work around the issue in a Meru deployment. I had a call with Meru TAC and it answered a lot of questions. Unfortunately, I don't think we'll be able to do something similar to what an Aruba or Cisco deployment can pull off. I'll keep this thread updated in case we're able to figure something out.

-Mike