cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11714
Views
12
Helpful
10
Comments
Timothy Abbott
Cisco Employee
Cisco Employee

Video Length: 6 minutes

 

Recently, Meraki announced support for RADIUS CoA and URL-Redirect support for the MR platforms.  This short video presentation describes Central Web Auth, shows configuration steps for both products, and finishes with a quick demonstration.  If you are interested in gaining access to these new Meraki features, reach out to your Meraki SE or the Meraki support team to have your network provisioned for the open beta.

Demo Components

  • Meraki MR Access point (in open beta)
  • ISE version 2.0
  • Apple iPhone


Resources

 

Regards,

-Tim

10 Comments
delanajero
Level 1
Level 1

I tried going through these steps with the use of the meraki/ISE integrated guide. However, whenever users try to access the SSID both for mobile and PC, the redirection is not happening and rejects the request. From the ISE live logs it sees the device attempting to log in but not getting any IP, when I called Meraki they said ISE is rejecting the association. How do I proceed?

gbekmezi-DD
Level 5
Level 5

Can you share additional details? Do you see the correct result returned by ISE? Maybe share the authc details from the livelog and configuration screenshot for the ssid from the Meraki Dashboard?

delanajero
Level 1
Level 1

Here it is

ISE_Guest_SSID.jpg

live_logs.jpg

gbekmezi-DD
Level 5
Level 5

I think you may have your authentication policy misconfigured in ISE. Do you have If user not found Continue in the Meraki Policy -> Wireless MAB configuration as the attached screenshot shows?

delanajero
Level 1
Level 1

I am seeing hits on the Authentication policy for Wireless_MAB itself.

gbekmezi-DD
Level 5
Level 5

Yes, you are hitting that policy and it’s rejecting the endpoint. Did you try the change I suggested?

delanajero
Level 1
Level 1

Thanks George that worked, it started redirecting however for some weird reason its not redirecting with iphones and just iphones devices. everything else is fine. Currently on a 3-way call with Meraki and Cisco TAC but so far no luck

gbekmezi-DD
Level 5
Level 5

Probably vide a little more detail about your iphone redirection problem if you can (if it’s not resolved). If it is resolved, share what you learned with the community if you can.

Warning: I either dictated this to my device, or typed it with my thumbs. Erroneous words are a feature, not a typo.

delanajero
Level 1
Level 1

After being placed on hold by meraki support for 2 hours, they just came back to me to advise that whenever iphones associate with the guest SSID to browse to a http and not a https website to redirect them to the AUP. It worked as a work around.

Though after a few days for some reason the guest SSID stopped working again. Users are now getting the sucess login splash page but couldn't browse out the internet.

Jeffrey Jones
Level 5
Level 5

Works great for guest, not so well for BYOD though.

 

JJ

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: