Scenario: (controller based)
User associated to WLAN, gets a pre-auth role, passes external captive portal (not clearpass), we push down a new role to allow internet access, etc.. (called split_user).
VAP is configured as split_tunnel.
Can we from our NAC solution push down a role based on the MAC address we see, push a a user role that will make this user full tunnel? Can this done by ACLs?
Do I need clearpass for this?
I guess the same would be for IAPs...if possible