I worked on a project using ClearPass Onguard with Avaya/Juniper switches, the issue is that those switches dont support that URL redirect if it is required to redirect the user to download the agent or to a remediation page .
What we end up doing was using the Aruba Controller inline using two VLANs :
- One VLAN to redirect the user to download page if using a NON-DOMAIN devices
- Second VLAN to redirect the user when the device wasn't compliant
For this to work you need to have these VLANs untrusted on another unused port and assigned a AAA Profile to each VLAN :
NOTE: These VLANs need to added all accros the infrastructure , so there's a lot of changes that need to made to make this happen
There's other ways of doing this with DNS tricks but I have not use those.