09-19-2013 10:21 PM - last edited on 05-13-2014 01:19 PM by Srynearson
We are implementing guest access to our wired network. So, we have configured 802.1x, MAB (Mac address bypass authentication) in switch ports to authenticate the users connecting to it.
So, if a user connects to a switchport and fails both 802.1x and MAB, he is treated as a guest user and should be given the ClearPass guest portal web login page (to create his own account to log in).
Normally in Cisco ISE, we have an option to use 'If user_not_found in MAB, ISE will not fail MAB, rather it will send redirect url (of ISE guest portal) to switch to ask the user to login to the guest portal page'. (You could refer to page 4 of the attached document.)
So, in ClearPass, do we have an option like 'If the user is failing MAB, ClearPass sends the redirect URL to the switch to make the user log in to the ClearPass guest portal'? I don't find one, because if he is failing MAB, the only option we're left with is to use the switch's internal web page (web-auth, the fallback method for MAB).
Does any service/enforcement policy need to be created to accomplish this? Please help.