CPPM OnGuard with Wired 802.1x
02-21-2020 12:04 PM
We are trying to configure CPPM OnGuard with a wired-only solution using Aruba 2930 switches (zero wireless clients). Our only licenses are access and OnGuard (no guest licenses). Also, we only have Windows clients.
For simplicity, let's assume the following:
We only have 2 services in the list. The first (top) service is '802.1x' and the other service below it is 'web-based health check only'.
When a Windows client first authenticates using .1x and meets the conditions for the top service in the list (.1x service), it gets evaluated by the enforcement policy and hits the condition of Posture NOT-EQUALS HEALTHY because the posture is (UNKNOWN). It then gets the enforcement profile of QUARANTINE.
My main questions are: How does that 'QUARANTINE PROFILE' need to be configured and what should happen after that?
To be more specific, right now we have that QUARANTINE-PROFILE only assigning the private-group-id attribute of the quarantine VLAN in our network. What other attributes need to be part of that quarantine-profile? What will trigger the next authentication attempt to skip over the '.1x' service and hit the 'health check service'?
Then, after the HEALTH CHECK service sets the posture token to either 'HEALTHY' or 'UNHEALTHY' and terminates the session, what will trigger the 3rd authentication attempt to hit the .1x service?
Please provide screenshots with an explanation if you can. Thx