Security

Reply
Occasional Contributor II
Posts: 25
Registered: ‎01-07-2015

How to create a single On Guard Webauth service with multiple COA's

[ Edited ]

Hi,

 

I have a different vendor NAD's like Aruba, Juniper and Cisco. I have a service to check the health of the user using the On Guard web auth. So when I try with different wired and wireless services, I will be checking the user health status using the On Guard agent, if the user is healthy I will send a COA to move him to the different role.

 

So the problem is, do I need to create a different service for each vendor or singe service with all COA's?

If I need to create a  single On Guard Webauth service with multiple COA's then how I can create the service.

 

Please help.

 

Thanks & Regards,

PRASANTH.

Moderator
Posts: 470
Registered: ‎11-09-2012

Re: How to create a single On Guard Webauth service with multiple COA's

At some point you need to be able to differentiate 'something' to identify the users by different location/NAS-IP/etc.

 

Based upon that unique setting you will tie that to a different ENFORCEMENT POLICY/PROFILE, the different enforment profiles will use a different CoA template/profile.... but this will still be in the same service definition. 


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Occasional Contributor II
Posts: 25
Registered: ‎01-07-2015

Re: How to create a single On Guard Webauth service with multiple COA's

Hi,

I have tried by differentiating the web auth service by vendor type it was not working. As the on guard agent will directly talk with the clear pass during the web auth, then how I can create a service with a NAS IP. So I have created all vendors COA under one enforcement policy and tried the service, during that process both the COA’s (Aruba & Juniper COA) are getting delivered to the user but still the user is staying in the same role, if I differentiate the COA it is working fine. If I do in that way all the web auths will hit the first web auth service in the order.
So I need to create a single On Guard Webauth service with multiple COA's or is there is any other way?

 

Regards,

PRASANTH.

Search Airheads
Showing results for 
Search instead for 
Did you mean: