I have a ClearPass deployment version 6.7 with a Cisco Firepower firewall. I can send a dACL via enforcement profile upon login, but the health check is not sending the CoA for re-auth after health check. I've gone through all the community posts and I'm not having any luck with the CoA. Here is what I understand is supposed to happen.
- Client Connects via AnyConnect
- Authentication is successful
- Health Token unknown
- Enforcement profile sends dACL
- Health Check Occurs
- Health Token set to Healthy
- No CoA is sent, and the device is stuck in its current state
Also, could you use something like MAC Caching to prevent the user from having to re-authenticate during the bounce like in a guest portal situation? Any help with this would be greatly appreciated!!!
------------------------------
Mitchell Griffin
------------------------------