We have integrated the Cisco controller with ClearPass. Configured 2 SSIDs, BYOD and Staff. Now I want to configure a MAC auth service with static host lists on ClearPass for Staff and BYOD with separate services. Below are the doubts
Hi

I don't think you will find a document describing your exact case with MAC authentication for both Cisco and FortiGate WLAN controllers.

The services should have the Guest Device Repository as the authentication source.

To be able to select a custom role for devices added you must edit the default role mapping policy [Guest Roles].

Add two new rules like:
(GuestUser:Role ID EQUALS 10001) Staff
(GuestUser:Role ID EQUALS 10002) BYOD

In the Guest operator profile you need to grant the profile correct rights to one or both of these roles.
Maybe staff should be able to add both types and consultants just the BYOD. That depends on your use case.

In the MAC authentication services you should have a role mapping policy utilizing the roles assigned in the Guest device repository.

As an example of how to create the service, under Configuration \Service Template & Wizards use the template "Aruba Wireless with MAC Authentication with Device Registration". This template will create a service with both role mapping and enforcement policy. But for Aruba controllers.

But the interesting part is to see the role mapping policy and the different rules in the enforcement policy.

You need to create a similar enforcement policy with unique enforcement profiles for Cisco and FortiGate.

The role mapping policy can, and should, be the same. This way you only need to maintain one role mapping policy, and as the network should work the same way regardless of infrastructure vendor you should have the same role mapping policy.
I configured the service as in the snaps below. When a user whose account status is active in the guest device repository tries to connect to the SSID, the correct service is called and the user is able to access the network. But when the user's account has expired, the user is still connected. But when we turn the Wi-Fi ON/OFF, the user gets disconnected from the network as per the correct service call.

So, my query is whether CoA is not working properly or I need to add some more rules in the policy.