cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

165
Views
0
Helpful
2
Replies
Highlighted
Beginner

ISE & Meraki Guest Integration: URL extraction

I'm implementing ISE on an existing Meraki wireless deployment. I can’t use the “default” integration path for guest wireless as stakeholders are insisting that the traffic must be WPA-2 PSK protected (selecting ISE for the captive portal means having open access). This means that I’m having to fudge redirection to the ISE guest portal using a splash redirect on the Meraki pointing to the ISE portal test URL. The Meraki captive portal deployment guide https://meraki.cisco.com/lib/pdf/meraki_whitepaper_captive_portal.pdf says that:

Meraki will send http://yourwebsite.com/clickthrough.php?base_grant_url=https%00%00%00n00.meraki.com%2Fsplash%2Fgrant&user_continue_url=http%3A%2F%2Fgoogle.com%2F&node_mac=00:18:0a:xx:xx:xx&client_ip=10.128.128.120&client_mac=xx:xx:xx:xx:xx:xx

Let’s assume the client is registered as a guest and completes the GUI logon, then if ISE wants to instruct the Meraki to permit access to the client, return a URL redirect:

GET[‘base_grant_url’] + “?continue_url=” + GET[‘user_continue_url’] + “&duration=3600” (to grant access for one hour).

  1. e.g. https://n16.meraki.com/splash/grant?continue_url=www.google.com&duration=3600

The guide also states that this URL shouldn’t be hardcoded as elements such as that n16 host might change and consequently it’ll all break.

Does anybody know how ISE can extract those parameters passed to it from Meraki (if it’s even possible)?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

ISE will not be able to extract, would recommend working with Meraki team to see if they can support ISE guest with wpa as I know they can with open ssid

https://communities.cisco.com/docs/DOC-68192?mobileredirect=true

Cisco WLC 8.3 code started supported wpa with ISE

View solution in original post

2 REPLIES 2
Highlighted
Cisco Employee

ISE will not be able to extract, would recommend working with Meraki team to see if they can support ISE guest with wpa as I know they can with open ssid

https://communities.cisco.com/docs/DOC-68192?mobileredirect=true

Cisco WLC 8.3 code started supported wpa with ISE

View solution in original post

Highlighted
Cisco Employee

Please update us on status as well

Content for Community-Ad