Security

Reply
Frequent Contributor I

Webauth service on Aruba switch

Hi,

 

I am working on wired NAC project where, before 802.1X service kicks in, Onguard agent should check device health. I have created two services (WEBAUTH for Onguard, and RADIUS for 802.1X). 802.1X is enabled on the switch. 802.1X service is referencing Posture (EQUALS, or NOT_EQUALS HEALTHY) in Enforcement Policy.

 

Problem I am experiencing is that in this scenario once I connect my wired client device to the network it never tries to use WEBAUTH service and gets rejected on RADIUS one. If I remove any reference to Posture in EP, both services get hit, but RADIUS first (hence removing any benefit of posture checks before authentication). I am sure I have omitted something in my EPs, but cannot see what. Thanks in advance.

Regards,
NesaM --ACMP, ACCP--
mkk
Contributor II

Re: Webauth service on Aruba switch

Onguard webauth application works AFTER you first authentication.

 

 

So your first enforcement you can see "if health=unknown" enforce quarantine vlan

 

In the quarantaine vlan ongoard agent post his checkup status to onguard webauth, and use COA bounce to reconnect.

 

The next time you connect "if health=healthy" enforce corperate vlan.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: