08-25-2017 08:50 AM
I'm hoping to have all devices that fail mac authentication be "accepted" from a login status perspective so I can extend CoA rights to our help desk so after the device is registered it can have it's session terminated.
I made the default Profile "Allow Access Profile" and I created a condition "(Authorization:[Guest Device Repository]:AccountStatus NOT_EXISTS )". But authentication still fails.
I didn't know if I could add a secondary authenitcation source or if there was a way to get creative and say when username = mac then auth but hit a different enforcement policy...
Is this possible to do?
Solved! Go to Solution.
08-25-2017 09:06 AM
You need to use Allow All MAC Auth and add a fail through rule that returns your captive portal role.
| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |