Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

CPPM authentication forward

  • 1.  CPPM authentication forward

    Posted Aug 17, 2015 10:38 PM

    I have two separate CPPM clusters. One for corp and BYOD authentications/Onboarding and another for Guest provisioning and authentication. For security reasons our guest cluster is in a dedicated DMZ. I am wanting to put together a lab to demo NAC authentication with dACLs to some Cisco switches that allow guest and corp users to plug into the same network. I also want to do NAC authentication of corp and guest users on Aruba switches and put them into roles based on who they are. I have a decent idea of how to do all this except one part.

     

    If a guest user plugs into the Cisco switches and the ports are set up to validate who you are to the NAC CPPM servers and lets CPPM know you are not a corp user, then the dACL pushed to the switch will give you rights to what??? How can I make the Cisco port look like an untrusted Aruba port so the user has to authenticate to my CPPM guest servers? I would have a requirement to make the user authenticate to the Guest CPPM captive portal page still. Any way to make this work?



  • 2.  RE: CPPM authentication forward

    EMPLOYEE
    Posted Aug 17, 2015 10:44 PM

    You would use an AV-Pair with the redirect URL and ACL.

     

    cisco-wired-redirect.JPG
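
The approach in the reply above, sketched as an added configuration example that is not part of the original thread: the corp CPPM cluster returns two Cisco AV-Pairs in the Access-Accept for a non-corp device, and the switch holds the redirect ACL they name. The ACL name, portal hostname, page name and IP address are constructed placeholders.

```text
! --- RADIUS Access-Accept attributes (e.g. a CPPM enforcement profile) ---
! Constructed placeholders: GUEST-REDIRECT, guest-cppm.example.com,
! PLACEHOLDER_PAGE, 192.0.2.10
Cisco-AVPair = "url-redirect-acl=GUEST-REDIRECT"
Cisco-AVPair = "url-redirect=https://guest-cppm.example.com/guest/PLACEHOLDER_PAGE.php"

! --- Cisco IOS switch, global configuration ---
! Send and accept vendor-specific attributes during authentication.
radius-server vsa send authentication
! The switch's HTTP server intercepts the client's web request and
! answers it with the redirect.
ip http server

! --- Cisco IOS switch: ACL referenced by url-redirect-acl ---
! The ACL must exist locally under exactly the name sent by RADIUS.
! In a redirect ACL, "deny" means "do not redirect" and "permit"
! means "redirect to the portal URL".
ip access-list extended GUEST-REDIRECT
 ! Leave DNS and DHCP alone so the client can get an address and
 ! resolve the portal hostname.
 deny   udp any any eq domain
 deny   udp any eq bootpc any eq bootps
 ! Never redirect traffic already going to the guest CPPM portal.
 deny   ip any host 192.0.2.10
 ! Redirect all other HTTP to the guest captive portal.
 permit tcp any any eq www
```

The redirect ACL only selects which traffic is redirected; what the unauthenticated guest may actually reach is still decided by the dACL pushed for that session, which is where access should be held to DHCP, DNS and the guest portal in the DMZ.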