Hello everyone,
I am facing an issue deploying ClearPass OnGuard with Cisco wired url-redirect.
The customer doesn't want to push the OnGuard .msi file from AD as a GPO; they want ClearPass and Cisco to redirect them to the web login page to install the OnGuard agent.
So far we did it.
We have one ClearPass connected to the core switch, and we completed all wireless services and they are working fine.
We have 2 Cisco switches.
One of them is connected directly to the core switch and it's working perfectly with url-redirecting to the web login page to download OnGuard.
The second one is connected to the distribution switch and it's pingable to core and ClearPass, but it doesn't redirect to the web login page.
We have created an extended access list on the L2 Cisco switch which is connected to distribution, as below:
ip access-list extended cppm
 deny tcp any host <clearpass ip>
 permit tcp any any
We've created the services and enforcement profile, as below:
One of the rules in the enforcement policy is checking if OnGuard is installed or not:
Tips posture equals unknown --->>> onguard-redirect enforcement profile
The onguard-redirect enforcement profile is as below:
Cisco-AVPair url-redirect-acl=cppm
Cisco-AVPair url-redirect=https://<clearpass ip>/web/onguard.php
The L2 switch has no gateway configured, just VLAN IDs and a trunk to distribution.
Do we need to assign the gateway of the core to the L2 switch?
We can see that dot1x is done in Access Tracker, but we can't redirect to the URL on the 2nd switch.
Thanks