Our customer has a requirement to log BYOD sessions based on Username/IP to a syslog server. We are using Meraki APs and I have tested the Meraki splash page, the generated Syslogs do not contain the usernames. Not sure if this can be collated via the API somehow.
We need to use a dedicated radius server that the customer manages. Meraki Splash page can point to this radius server ok and authenticate but the logging isnt right. We do have ISE for corporate authentication, we can point the Meraki splash page to authenticate via ISE. The ISE syslogs include the Username/Passwords. Is there any way of using the ISE guest portal to authenticate to the external radius server? But keeping authorization managed by ISE to present the ISE portal.
It appears that the ISE Portal Authentication Method allows Identity Source Sequences - BUT ... the Identity Source Sequence cannot contain a RADIUS Server Sequences (list of external RADIUS proxy servers). At least - that's the case in ISE 2.7
As far as I know, RADIUS Proxy sequences can only be used/specified in ISE in the standard RADIUS Policy Set (under the Allowed Protocols / Server Sequence) as part of the initial Policy Set definition.