Has anybody successfully been able to profile IAP's using a seperate management VLAN and user VLAN using a MAC Auth service?
I am able to profile the IAP and return an enforcement profile using a MAC Auth service that will untag the port for management and tag the port for user traffic. The problem comes when clients associate to the SSID. They successfully perform Radius authentication however when traffic reaches the port on the switch they are sent to the MAC Auth service and to the default enforcement profile associated with it.
I opened at TAC case with a Clearpass Engineer who also brought a Switch Enginner in on the call but so far we have been unable to resolve this. I also engaged a few Aruba SE's but they also have no Ideas so I am hoping that somebody has done this and can let me know how they were able to over come this issue.