10-08-2014 01:47 PM
For our wired ports, we have them authenticate. If 802.1x isnt active it MAC auths (for printers and such) and if its not in a list it will url-redirect them for Onboarding, or click through for Guest Access. I am already dropping them in a quarentine space. My issue is the Cisco CoA needed once they successfully Guest auth on the wired network. I am unsure what I need to put in the web auths enforcement profile that will CoA the port to a Guest network port without the url-redirect remaining on the port.
Solved! Go to Solution.
10-08-2014 03:24 PM - edited 10-08-2014 03:25 PM
This is what you can do:
- First create a custom attribute
- Then create a post_authentication enforcement profile using this custom attribute
- On the enforcement policy of your webauth include the Cisco terminate to CoA the device and also add the post_authentication custom attribute so you can use later on your MAc auth to provide access to the guest user
See if this helps you.
Note: You may need to add 10-25 seconds delay in the weblogin to allow the whole process(CoA, Mac,etc..) to work properly
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA