02-26-2015 06:23 AM
I am looking to instill some confidence in a University that plans to deploy ClearPass OnGuard for NAC across their Juniper Switch population. Is anyone doing this with success today?
02-26-2015 07:43 AM
I worked on a project using ClearPass OnGuard with Avaya/Juniper switches. The issue is that those switches don't support that URL redirect if it is required to redirect the user to download the agent or to a remediation page.
What we ended up doing was using the Aruba Controller inline using two VLANs:
- One VLAN to redirect the user to the download page if using a NON-DOMAIN device
- Second VLAN to redirect the user when the device wasn't compliant
For this to work you need to have these VLANs untrusted on another unused port and assign an AAA Profile to each VLAN:
NOTE: These VLANs need to be added all across the infrastructure, so there are a lot of changes that need to be made to make this happen.
There are other ways of doing this with DNS tricks, but I have not used those.
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA