Security

last person joined: 3 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass Meraki Guest - CoA reauthenticate issue

Jump to Best Answer
  • 1.  ClearPass Meraki Guest - CoA reauthenticate issue

    Posted Aug 18, 2020 08:45 AM
      |   view attached

    Hi All,

     

    I have an issue where I have a perfectly fine guest portal working with Cisco WLC's controller based redirection but now a Cisco Meraki pilot has been requested. I have built out the service polices and new child guest page with sever initiation Cisco RFC redirect. Where i get stuck is the final hand off between ClearPass after a successful webauh the CoA gets sent however the guest client is redirected to the web portal splash page again. I suspect timing or CoA as if we turn off the wifi and back on all MAC catching works as expected. all port authentication enpoint stamping works as well. see below final CoA output 

     

    Output RADIUS Attributes -
    Endpoint:domain = "hidden"
    Endpoint:Guest Role ID = 3
    Endpoint:MAC-Auth Expiry = 2020-11-17 17:00:00
    Endpoint:pwdlastset = 132417155193396008
    Endpoint:Username = "hidden"
    Radius:Cisco:Cisco-AVPair = subscriber:command=reauthenticate
    Radius:Cisco:Cisco-AVPair = subscriber:reauthenticate-type=last
    Radius:IETF:Calling-Station-Id = 80-0C-67-E3-CA-6B
    Status-Update:Endpoint = Known

    Alerts -
    Error Code: 0
    Error Category: Success
    Error Message: Success
    Alerts for this Request -
    WebAuthService: [Guest Device Repository]: Value for param Connection:Client-Mac-Address-Upper-Hyphen not found

     

    Redirect URL 

    url-redirect=https://guestportal.company1.com/guest/meraki_register_login.php?&mac=%{Connection:Client-Mac-Address-Colon}

     

    see attached

    thanks in advance

     

     

     

     

     



  • 2.  RE: ClearPass Meraki Guest - CoA reauthenticate issue
    Best Answer

    Posted Aug 19, 2020 09:00 PM

    toot cause was adjusting the radios CoA time from 2 to 12 seconds within the server settings