Has anyone successfully deployed a BYOD solution using ISE and Meraki access points? I can't get the blacklist portal to work. Despite sending the Authz profile as:
Access Type = ACCESS_ACCEPT
Airespace-ACL-Name = MERAKI-BLACKLIST
cisco-av-pair = url-redirect=https://ip:port/blacklistportal/gateway?portal=a7123620-2233-11e6-99bb-011056bf55e0
cisco-av-pair = url-redirect-acl=MERAKI-BLACKLIST
It doesn't work. Tried without the Airespace field and with. The log files show the correct policy is matched and the authz is applied.
I have dual SSID. Onboarding SSID using Meraki wall garden for ISE servers - that works OK.
Coporate SSID for devices onboarded gaining full access - works OK.
But blacklisting a device and reconnecting to Corporate SSID doesn't work.
I want the client to redirect to the portal if a device is blacklisted. Not sure if it only works on Meraki doing the walled garden method which the corporate SSID doesn't use.
Any ideas?