Security

For our wired ports, we have them authenticate. If 802.1x isnt active it MAC auths (for printers and such) and if its not in a list it will url-redirect them for Onboarding, or click through for Guest Access.  I am already dropping them in a quarentine space.  My issue is the Cisco CoA needed once they successfully Guest auth on the wired network.  I am unsure what I need to put in the web auths enforcement profile that will CoA the port to a Guest network port without the url-redirect remaining on the port. 

Are you just doing a Web login with Anonymous account ?

-

Yep, its a web login with an Anonymous account.  I can see the authentication happen and the profile pushed down.  It just looks like the profile does not do what I need.

This is what you can do:

- First create a custom attribute

- Then create a post_authentication enforcement profile using this custom attribute

- On the enforcement policy of your webauth include the Cisco terminate to CoA the device and also add the post_authentication custom attribute so you can use later on your MAc auth to provide access to the guest user

See if this helps you.

Note: You may need to add 10-25 seconds delay in the weblogin to allow the whole process(CoA, Mac,etc..) to work properly