04-04-2017 11:57 AM
Actually as I'm writing this, my other services in production are no longer profiling any devices. Is there a way to restart the profiling service?
I'm running into a problem in a new service I'm creating. I'll list the requirements, followed by my current rules. This is an EAP-PEAP-MSCHAPv2 auth type.
We require SmartDevices to be put on a separate VLAN from domain computers. We would like SmartDevices to be on the same VLAN as domain computers if the user account has an AD membership that allows this access.
The AD part is all well and good, but I'm having problems with the profiling, as a device that hasn't been profiled can't match many enforcement rules. So for the below rule, if it is a smart device, belongs to this AP group, and is corporate ownership, apply this VLAN.
However, if it is the device's first time connecting, it won't have been profiled, and therefore won't hit the right VLAN.
Is there a better practice I should be using?
Is there a way to do profiling such as:
endpoint:isProfiled = false, enforce CoA profiling
Any thoughts are greatly appreciated.
04-04-2017 12:08 PM
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
04-04-2017 12:17 PM
I just tried the CoA again, and this time the device got profiled. I then deleted the endpoint and tried again. The device failed the CoA.
I tried it again, and it succeeded the CoA, but didn't profile.
I've just done this on 2 different Androids with accounts that have the same details. They only profile occasionally, and inconsistently on both devices.
I feel ClearPass is acting up.
04-04-2017 12:18 PM
04-04-2017 12:38 PM