The CPPM is configured to assign the quarantine VLAN to machine-authenticated users, and to assign the data VLAN to users once they log in (user authenticated and machine authenticated).
So, based on the configured settings, before the user enters credentials to log in to the laptop, the laptop will be machine authenticated and assigned to the quarantine VLAN. Once the user enters credentials, the data VLAN will be assigned based on the assigned user role.
Now, if the user's password has expired, the system engineer will reset his password, so the user must be able to log in to his laptop using the new password, because the quarantine VLAN has access to the AD server.
The above scenario is working for wired users (“laptop assigned to quarantine VLAN before user enters credentials”), but it’s not working for wireless users (“laptop not assigned to quarantine VLAN before user enters credentials”).
This is although we use the same CPPM policy for the wired and wireless setups,
and although in Access Tracker we can see that CPPM is pushing the quarantine VLAN to the WLC.
So is there another required setting, or are there any other workarounds?