Yes, I know, it's a difficult topic, but please don't give up.
The port bounce does not happen automatically; you have to configure it. In the web-auth service you have to send either CoA in a RADIUS_DynAuthZ or bounce-client in an agent-enforcement-profile. If you use CoA, you must also set up Dynamic Authorization in the WLAN. With agent enforcement, the agent bounces the port on the client side independently of Dynamic Authorization. It's a matter of taste; I use the agent variant.
Have you watched any of Herman's videos? He explains it very well.
https://m.youtube.com/watch?v=l5Rt2K8KJiE
------------------------------
Regards,
Waldemar
ACCX # 1377, ACEP, ACX - Network Security
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Jul 01, 2024 03:59 AM
From: Razovnyik
Subject: Clearpass Onguard problem
The tricky part is that I have configured this feature already. (Based on the official guide)
And yet the port bounce does not happen :(
Do I have to configure something on the AP - WLAN side? Like enabling Dynamic Authorization? I did it already, and it did not solve it.
Original Message:
Sent: Jun 29, 2024 04:31 AM
From: lord
Subject: Clearpass Onguard problem
When using Onguard there is the following dependency:
1. First WLAN dot.1x-Auth - Posture state is UNKNOWN, because no status has yet been transmitted by the agent
2. Web-Auth by the agent - posture status is transmitted; a port bounce must occur at this point so that the posture status can be evaluated.
3. Second WLAN dot.1x-Auth - At this point, the dot.1x service must evaluate the posture code. However, it does not see it because the dot1x-wlan service and the web-auth service do not communicate with each other.
The trick is to activate "Use Cached Results" in the Enforcement tab.
Then the dot.1x-Auth service can read the posture code from the endpoint cache. Then everything works as desired.
------------------------------
Regards,
Waldemar
ACCX # 1377, ACEP, ACX - Network Security
If you find my answer useful, consider giving kudos and/or mark as solution
Original Message:
Sent: Jun 28, 2024 05:02 AM
From: Razovnyik
Subject: Clearpass Onguard problem