For our wired ports, we have them authenticate. If 802.1x isnt active it MAC auths (for printers and such) and if its not in a list it will url-redirect them for Onboarding, or click through for Guest Access. I am already dropping them in a quarentine space. My issue is the Cisco CoA needed once they successfully Guest auth on the wired network. I am unsure what I need to put in the web auths enforcement profile that will CoA the port to a Guest network port without the url-redirect remaining on the port.
Are you just doing a Web login with Anonymous account ?
Yep, its a web login with an Anonymous account. I can see the authentication happen and the profile pushed down. It just looks like the profile does not do what I need.
This is what you can do:
- First create a custom attribute
- Then create a post_authentication enforcement profile using this custom attribute
- On the enforcement policy of your webauth include the Cisco terminate to CoA the device and also add the post_authentication custom attribute so you can use later on your MAc auth to provide access to the guest user
See if this helps you.
Note: You may need to add 10-25 seconds delay in the weblogin to allow the whole process(CoA, Mac,etc..) to work properly
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.