You include all of the Enforcement Profiles in the Enforcement Policy rule.
On each enforcement Profile, you set a Device Group List to which the profile applies to.
------------------------------
Bruce Osborne ACCP ACMP
Liberty University
The views expressed here are my personal views and not those of my employer
------------------------------
Original Message:
Sent: Sep 09, 2024 04:41 AM
From: Ronin101
Subject: Onguard Webauth Service for different switches
Dear Gorazd,
I checked the webauth request in access tracker. NAD ip address is not mentioned. How can i apply filter of device group then?
Original Message:
Sent: 9/9/2024 3:38:00 AM
From: GorazdKikelj
Subject: RE: Onguard Webauth Service for different switches
Hi.
You have several options.
- Create device groups for Cisco, H3C and Aruba swithces and put correct switches into their respective groups. This is usually how I do this so I can use these groups to limit enforcement profiles to specific NAD OS.
- Add attribute to NAD device registration and check for this attribute value. Not very flexible, but can be handy sometime.
Best, Gorazd
------------------------------
Gorazd Kikelj
MVP Guru 2024
Original Message:
Sent: Sep 08, 2024 02:55 PM
From: Ronin101
Subject: Onguard Webauth Service for different switches
Dear Experts,
I have configured 3 x onguard web auth service for Cisco, H3C and Aruba (since all have different CoA). In the service matching criteria, how can i differentiate between a client coming from a cisco switch vs other switches? i have checked the radius input parameters and it doesnt mention the IP address of the NAD.
Or am i doing something wrong?