Actually as I'm writing this, my other services in production are no longer profiling any devices. Is there a way to restart the profiling service?
--------
I'm running into a problem in a new service I'm creating. I'll list the requirements, followed by my current rules. This is an EAP-PEAP-
MSCHAPv2 auth type.
We require SmartDevices to be put on a seperate VLAN from domain computers. We would like SmartDevices to be on the same VLAN as domain computers if the user account has an AD membership that allows this access.
The AD part is all well and good, but I'm having problems with the profiling, as a device that hasn't been profiled can't match many enforcement rules. So for the below rule, if it is a smart device, belongs to this AP group, and is corporate ownership, apply this VLAN.
however if it is the devices first time connecting, it won't have been profiled, and therefore won't hit the right vlan.
Is there a better practice I should be using?
Is there a way to do profiling such as:
endpoint:isProfiled = false, enforce CoA profiling
Any thoughts are greatly appreciated.