The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About comdev
comdev

comdev

New here

Member since Aug 21, 2019

‎08-21-2019

Community Record

3
Posts
0
Kudos
0
Solutions
Topics comdev has Participated In
  • Topics comdev has Participated In
  • Latest Contributions by comdev

Re: custom complaint check

by Kind of a big deal PhilipDAth in Developers & APIs
‎08-21-2019 02:22 PM
‎08-21-2019 02:22 PM
I think if it was me I would use FreeRadius, and deploy the SSID using WPA2-Enterprise mode.   I've never heard of  OpSwat, but presumably it has some centralised management console you can query to get the client status.   FreeRadius allows you to run a script when an authentication request comes in.  I would write a request to query the state of  OpSwat from whatever their management console is.  If the state is good let the use on.  If the state is not good perhaps let them on but use the Filter-Id attribute to limit their access to whatever is needed to make their machine compliant.   Another option is to use the Tunnel-Private-Group-ID attribute which lets you drop the user into a different VLAN.  You could then have your firewall configured to treat users in this "remdiation" vlan differently.   This article gives an example of using Filter-Id using NPS: https://documentation.meraki.com/MR/Group_Policies_and_Blacklisting/Using_RADIUS_Attributes_to_Apply_Group_Policies This article gives a general overview of using RADUS+WPA2-Enterprise and using Filter-Id. https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise ... View more
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Privacy Settings
  • Terms of Use
© 2022 Meraki