Security

Hi All,

I've got clearpass configured to onbaord IOS devices using a single SSID.This works fine but what I'd like to happen is at the endof the onbaording process for the iPad to be in the correct role.

I'm sure I can do this with a RADIUS CoA right?

Cheers

James

Nevermind, I think I've got it.

I'll just add a CoA to my byod role on the Onboard Authorisation service.

James,

Make sure in your controller you enable the add switch ip. If that is not checked then the auto reconnect or the connect button will not show up. You should not have to set a bounce for IOS devices.

As tarnold says, you do not need to configure the coa manualy anywhere. It is 'hardcoded' in the process.

You do need to make sure however that your coa is received correctly on your controllers.

Check this with the following commend: show aaa rfc-3576-server statistics.

Hi,

I'm looking to do the same sort of configuration, I have CP working for provisioning but I can't see to get the two roles working depending on if you join the SSID via AD credentials or join the same SSID with TLS and a provisioned cert.

Effectivitly AD auth -> provisioning role and redirect to CP device enrollment page

EAP-TLS -> auth certificate -> full access role

Is there a guide I can follow?