I need to implement the following:
a single ssid on a meraki wifi system, with multiple vlans.
some machines will have a valid certificate from the corp and should be assigned a corp vlan.
some machines will not have a valid certificate and will be assigned a guest vlan.
some smart devices will be allowed limited access to corp ( device database) and yet another vlan.
how do I implement this in clearpass using meraki wifi and clearpass?
---- meraki config
my guess is: ( ssid config in the meraki cloud)
ssid = name
networks access = enterprise with " my radius server" -> clearpass ip address .. etc.
possibly: "assign group policy by device type" -> for smart devices
client ip assignment = " bridge mode: make clients part on the lan"
vlan tagging = "use vlan tagging"
--- clearpass config
service = meraki (wireless service)
1, check certificate of device, if it is ok , assign vlan "corp"
2. if smart-device and in database, assign vlan "smart device"
3. default :: assign vlan "guest vlan"
is this possible? and if so am I on the right track ?
Yes this can work. You need to use the "Cisco Identity Services Engine (ISE) Authentication" option on the Meraki side.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.