Hi,
In order for OnGuard to communicate with ClearPass so that a posture classification can be obtained, the client needs an IP and needs to be able to reach ClearPass; at the same time, the client should not be able to access the rest of the network.
This means that I need to create a VLAN to assign to endpoints when they first access the network and then bounce the port once the posture has been established (or not, if the client does not have OnGuard), to then force a different VLAN. Is this the correct way of doing it, through like a quarantine VLAN?
In some instances, when the client would access the network, OnGuard would sit there doing nothing for like forever. I don't understand what the criteria are by which OnGuard triggers the collection of the posture, because if I have a random client hanging there with OnGuard doing nothing, ClearPass would leave the client in the quarantine. Most of the time, though, as soon as the network connection is established, OnGuard kicks off the posture check immediately.
This is very scary as I will need to roll this out to a couple of hundred endpoints...
Thanks in advance