07-22-2015 02:58 AM - edited 07-22-2015 03:09 AM
I have a different vendor NAD's like Aruba, Juniper and Cisco. I have a service to check the health of the user using the On Guard web auth. So when I try with different wired and wireless services, I will be checking the user health status using the On Guard agent, if the user is healthy I will send a COA to move him to the different role.
So the problem is, do I need to create a different service for each vendor or singe service with all COA's?
If I need to create a single On Guard Webauth service with multiple COA's then how I can create the service.
Thanks & Regards,
07-22-2015 03:51 AM
At some point you need to be able to differentiate 'something' to identify the users by different location/NAS-IP/etc.
Based upon that unique setting you will tie that to a different ENFORCEMENT POLICY/PROFILE, the different enforment profiles will use a different CoA template/profile.... but this will still be in the same service definition.
Snr Tech Marketing Engineer - ClearPass
-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
07-22-2015 04:01 AM
I have tried by differentiating the web auth service by vendor type it was not working. As the on guard agent will directly talk with the clear pass during the web auth, then how I can create a service with a NAS IP. So I have created all vendors COA under one enforcement policy and tried the service, during that process both the COA’s (Aruba & Juniper COA) are getting delivered to the user but still the user is staying in the same role, if I differentiate the COA it is working fine. If I do in that way all the web auths will hit the first web auth service in the order.
So I need to create a single On Guard Webauth service with multiple COA's or is there is any other way?