cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

How to Configure Central Web Auth with Meraki Wireless and ISE

3829
Views
12
Helpful
9
Comments
Cisco Employee

Video Length: 6 minutes

 

Recently, Meraki announced support for RADIUS CoA and URL-Redirect support for the MR platforms.  This short video presentation describes Central Web Auth, shows configuration steps for both products, and finishes with a quick demonstration.  If you are interested in gaining access to these new Meraki features, reach out to your Meraki SE or the Meraki support team to have your network provisioned for the open beta.

Demo Components

  • Meraki MR Access point (in open beta)
  • ISE version 2.0
  • Apple iPhone


Resources

 

Regards,

-Tim

9 Comments
Beginner

I tried going through these steps with the use of the meraki/ISE integrated guide. However, whenever users try to access the SSID both for mobile and PC, the redirection is not happening and rejects the request. From the ISE live logs it sees the device attempting to log in but not getting any IP, when I called Meraki they said ISE is rejecting the association. How do I proceed?

Contributor

Can you share additional details? Do you see the correct result returned by ISE? Maybe share the authc details from the livelog and configuration screenshot for the ssid from the Meraki Dashboard?

Beginner

Here it is

ISE_Guest_SSID.jpg

live_logs.jpg

Contributor

I think you may have your authentication policy misconfigured in ISE. Do you have If user not found Continue in the Meraki Policy -> Wireless MAB configuration as the attached screenshot shows?

Beginner

I am seeing hits on the Authentication policy for Wireless_MAB itself.

Contributor

Yes, you are hitting that policy and it’s rejecting the endpoint. Did you try the change I suggested?

Beginner

Thanks George that worked, it started redirecting however for some weird reason its not redirecting with iphones and just iphones devices. everything else is fine. Currently on a 3-way call with Meraki and Cisco TAC but so far no luck

Contributor

Probably vide a little more detail about your iphone redirection problem if you can (if it’s not resolved). If it is resolved, share what you learned with the community if you can.

Warning: I either dictated this to my device, or typed it with my thumbs. Erroneous words are a feature, not a typo.

Beginner

After being placed on hold by meraki support for 2 hours, they just came back to me to advise that whenever iphones associate with the guest SSID to browse to a http and not a https website to redirect them to the AUP. It worked as a work around.

Though after a few days for some reason the guest SSID stopped working again. Users are now getting the sucess login splash page but couldn't browse out the internet.