Hello i have a question if clearpass becomes unavailible.
I have some specific clients that i want to put in a specific VLAN when clearpass is unreachable. Now im using DUR for the access points at this moment.
So i tried the Critical VLAN feature locally on the switchport. But his is not allowed because i use User roles already.
Now i figured out that i can create another DUR with critical VLAN for this specific clients. Im still need to test if his is supported with DUR but it works with local role.
Now my question is, Besides of the "special clients", what is the best way to configure a fallback option to a guest VLAN for all other clients when clearpass is unavailible? Can this be done in a global way (without overwrite of the specials )?
I know about the fallback with "aaa authentication port-acces eap-radius authorized" But i guess this will put the client in de default VLAN, and i dont want to change this on all ports.
So maybe i have to use the Auth-VID here. But is this the best way to do this in like a global role for all other clients?
Can you advise what is a solid solution for this?