New Contributor
Posts: 3
Registered: ‎10-14-2016

Clearpass and Meraki

Hi all

I have a network built with Meraki access points supported by a ClearPass policy server.

I got guest and 802.1X working.

Last week Meraki added CoA to the RADIUS settings.

I would like to use this in my posturing but cannot figure out how to add the Meraki RADIUS attributes.

Does somebody have any pointers?

New Contributor
Posts: 1
Registered: ‎12-01-2016

Re: Clearpass and Meraki

I have the exact same problem. I have the Meraki SSID using WPA2-Enterprise against ClearPass Policy Manager. Based on the criteria and AD groups, ClearPass sends back the correct Filter-ID in the RADIUS accept message, which will dynamically apply the appropriate Meraki security policy. However, I am struggling to figure out how I can change the security policy after CPPM and the OnGuard agent finish their checks. Any feedback on how to do this?

New Contributor
Posts: 3
Registered: ‎04-05-2017

Re: Clearpass and Meraki

What do you want to use a change of authorization to do exactly? Based on Meraki documentation, you can only do reauthenticate and disconnect requests. If you need to send RADIUS attributes you can set up an enforcement profile to handle the specific criteria. For example, I am using radius private-tunnel-id to set the VLAN based on user or machine auth.

Hope that helps.

Occasional Contributor I
Posts: 5
Registered: 2 weeks ago

Re: Clearpass and Meraki

I am new to ClearPass, and I am trying to set up something similar to yours. Is there documentation you followed to set this up with Meraki? Thanks

New Contributor
Posts: 3
Registered: ‎04-05-2017

Re: Clearpass and Meraki

Brad - Can you tell me what you are looking to do?

If you are setting up API calls I will be working on documenting the process. I will most likely share that with Meraki so they can add it to their documentation.

If you just need to tag a VLAN you can use an enforcement profile. It is all RADIUS IETF settings.

Occasional Contributor I
Posts: 5
Registered: 2 weeks ago

Re: Clearpass and Meraki

As of right now we are just wanting to implement a simple service where any new device cannot connect to the network until we mark it as a known device. All unknown and disabled devices will not be able to connect. So users will authenticate against the local user repository, then their device will need to be known. I believe I have this working now with the local user repository as the Authentication Source, the Endpoint Repository as the Authorization Source, and then Enforcement Policy rules for unknown and disabled devices set to the Deny Access Profile. Not sure if this is the best way to accomplish it, but it seems to be working.

New Contributor
Posts: 3
Registered: ‎04-05-2017

Re: Clearpass and Meraki

Are you profiling endpoints?  That may be the easiest way to get them in the endpoints database.  Basic idea is to enable profiling and point an ip-helper to the ClearPass server. That will start profiling any device doing DHCP. 
