Hello Guys
It is possible to do this?
i got this scenario
1 company in 2 countries
In one country, which is the one i am, lets name it country A. They want to use onguard(they got license only for their devices)
This country got their own Clearpass and their own wireless controller
The other country, country B, have their own clearpass and also their own controller but they dont have clearpass onguard license
Both countries will use 802.1x EAP PEAP.
Situation:
Country B have their own controller and their own clearpass to let the users in their country to get the network using eap peap and they authenticate with their clearpass and just users in a group of their AD can get in.
They also added the domain controller of Country A so they could tell in their policies which users are allow to join their network when users from country A visit country B
Now
In country A i will need to have to do something similar as some users of country B comes to country A. I will need to join their domain also. Our clearpass will have country A and country B domain.
i would like to know if i could make a service decision based in the authentication source. For example if someone from country B visit us, it will be a policy that authenticate with EAP PEAP and that will not have any onguard policy. And ill have another policy for our users that will have onguard
I saw that in the service i can punt a rule based on authentication source, i was wondering if that works
Or i dont know if im complicating ths too much and i could just put it in one service and just in the enforment conditions to tell if the user is using this authenticating source then just do this. But im not sure if the "Use cached Roles and Posture attributes from previous sessions" will affect in any way if i got both things on the same service.
Cheers
Carlos