- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
ClearPass Guest with Meraki Wireless
2 weeks ago
Does anyone have an end to end guide on how to set up ClearPass guest captive portal with Meraki Wireless? I have set up a guest SSID within Meraki wireless and configured as a splash page with custom splash page. When the client connects to the SSID the captive portal page from clearpass loads up. The user tries to self register, and the guest account gets created in ClearPass. When the user tries to login, the browser is just getting directed to a Meraki 'page not found' page.
Within Meraki the RADIUS transaction for the guest captive portal comes from the Meraki Cloud not the AP IPs.
I dont seem to have the correct NAS vendor setting for the Meraki Cloud in order to POST the user credentials to the controller. The RADIUS request never gets to ClearPass from the controller.
Has anyone had a successful implementation with Meraki?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: ClearPass Guest with Meraki Wireless
2 weeks ago
You need to use the "Cisco Identity Services Engine (ISE) Authentication" option with a ClearPass MAC auth and WEBAUTH service. The MAC auth service should return back a captive portal URL using a Cisco AV-Pair and the WEBAUTH service should issue a Disconnect after succesful authentication.
| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: ClearPass Guest with Meraki Wireless
2 weeks ago
Thanks Tim! We finally got it going!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: ClearPass Guest with Meraki Wireless
2 weeks ago
OK we thought we had it going, if I set the pre-auth check on the registration page to RADIUS, I get a RADIUS request come into ClearPass. Even if we send an Accept Message and CoA, the client never gets connected to the network.
Is there a setting I need to implement in order to get the request to come in as a WebAuth instead of RADIUS?
Thanks Again
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: ClearPass Guest with Meraki Wireless
2 weeks ago
| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: ClearPass Guest with Meraki Wireless
Monday
Hi Tim,
Thanks again for all the great info, we have this set up and essentially working at this point. However the end user experience is not very clean. Since we are issueing a COA after the webauth, the browser is essentially still finishing the login process (please wait while you are logged into the network). The browser throws an error since we are sending the COA while its loading. The re-auth (MAC auth) then takes place and the user is connected. From the end user perspective, it looks like they are not connected since the browser errors and just hangs there.
Do you have any thoughts on how to clean up that process to the end user?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: ClearPass Guest with Meraki Wireless
Monday
| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: ClearPass Guest with Meraki Wireless
Monday
The only two types of Enforcement profiles that you can select with the Webauth Service is Post Authentication or CoA.
Here is what we are currently sending
Is there a different type of disconnect we should be sending?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: ClearPass Guest with Meraki Wireless
Monday
Use this Disconnect template > https://github.com/aruba/clearpass-radius-dynamic-authorization-templates
| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: ClearPass Guest with Meraki Wireless
Monday
When I try to import that template, i get an error that Vendor ID 29671 is not a valid vendor ID. Is that supposed to be the Vendor ID for Meraki?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator