cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About comdev

Re: custom complaint check

by Kind of a big deal in Developers & APIs
‎08-21-2019 02:22 PM
‎08-21-2019 02:22 PM
I think if it was me I would use FreeRadius, and deploy the SSID using WPA2-Enterprise mode.   I've never heard of  OpSwat, but presumably it has some centralised management console you can query to get the client status.   FreeRadius allows you to run a script when an authentication request comes in.  I would write a request to query the state of  OpSwat from whatever their management console is.  If the state is good let the use on.  If the state is not good perhaps let them on but use the Filter-Id attribute to limit their access to whatever is needed to make their machine compliant.   Another option is to use the Tunnel-Private-Group-ID attribute which lets you drop the user into a different VLAN.  You could then have your firewall configured to treat users in this "remdiation" vlan differently.   This article gives an example of using Filter-Id using NPS: https://documentation.meraki.com/MR/Group_Policies_and_Blacklisting/Using_RADIUS_Attributes_to_Apply_Group_Policies This article gives a general overview of using RADUS+WPA2-Enterprise and using Filter-Id. https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise ... View more
© 2021 Meraki