05-05-2016 06:19 AM
This is regarding web-authentication on CPPM. We currently have switches from various OEM's. We are configuring web-auth services and we want to have seperate web-auth services for each of the OEM.
As web-auth is between the client and the clearpass Guest login, the Endpoint has very less attributes to match before the authentication. We have tried differntiating the web servicesprofiles by taking the help of subnet grouping ( identifying the client ip'). We really dont see this as a scalable solution.
What are the possible ways to differentiate webservices for wired users for different OEM's and different OEM's have different AV pairs?
05-05-2016 06:55 AM
Aruba NADs for example) and return multiple enforcement profiles in each
policy. It will then only return the profile appropriate for the NAS.
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
05-05-2016 07:15 AM
we thought of this but we are stuck at configuring the default profile. We can have only one default profile and we want to mention a re-auth/terminate session in our default profile. Different vendors have different VSA's for terminating/re-authenticating the sessions, hence how can one default profile suffice.
We are also thking of having seperate URL's for each OEM. Can we create a service rule based on the url and then enforce.