last person joined: 5 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Radius_CoA - WebAuth Policy

This thread has been viewed 16 times
  • 1.  Radius_CoA - WebAuth Policy

    Posted Sep 01, 2021 09:20 PM
    I am integrating CPPM and Meraki wireless, currently for Guest Access.     A guest user gets redirected to the self-reg guest page, registers, then when they try to log in it does the 10 second count down and then returns back to the guest portal.

    Most of the policy is working correctly, and the guest user is created in the guest user repository and the endpoint is added to the endpoint repository.    If you disconnect from the wireless, and re-connect, you are then connected to the guest network since it knows about the endpoint.

    The issue appears to be the CoA step.  

    My question is, how does the Radius_CoA profile know what NAD to send the message to?      Does it know to pull a certain attribute from somewhere or do we need to specify it as a variable?

  • 2.  RE: Radius_CoA - WebAuth Policy

    Posted Sep 14, 2021 10:21 PM
    CPPM will rely on the Session Info to pull the NAD info as well as the vendor.
    In Server initiated workflow, initial MAC auth should be successful as it will store the info about the NAD in session buckets for later use in WebAuth CoA.
    if the first MAC ( initial MAC Auth ) is rejected, the server will never be able to trigger the CoA due to missing NAD info.

    Global Escalation Center, ACCP | Aruba Software