Frequent Contributor II

Webauth service on Aruba switch



I am working on wired NAC project where, before 802.1X service kicks in, Onguard agent should check device health. I have created two services (WEBAUTH for Onguard, and RADIUS for 802.1X). 802.1X is enabled on the switch. 802.1X service is referencing Posture (EQUALS, or NOT_EQUALS HEALTHY) in Enforcement Policy.


Problem I am experiencing is that in this scenario once I connect my wired client device to the network it never tries to use WEBAUTH service and gets rejected on RADIUS one. If I remove any reference to Posture in EP, both services get hit, but RADIUS first (hence removing any benefit of posture checks before authentication). I am sure I have omitted something in my EPs, but cannot see what. Thanks in advance.


Re: Webauth service on Aruba switch

Onguard webauth application works AFTER you first authentication.



So your first enforcement you can see "if health=unknown" enforce quarantine vlan


In the quarantaine vlan ongoard agent post his checkup status to onguard webauth, and use COA bounce to reconnect.


The next time you connect "if health=healthy" enforce corperate vlan.

Kind Regards Marcel Koedijk
HPE ASE Flexnetwork | ACMP | ACCP | Ekahau ECSE Design - Was this post usefull, Kudos are welcome.
Search Airheads
Showing results for 
Search instead for 
Did you mean: