Configuring Access Guardian Bring Your Own Devices (BYOD) Overview
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-118
• Quick Connect supports native supplicants on Windows Vista, XP, 7, Apple, and Android devices.
ClearPass OnGuard
ClearPass OnGuard agents perform advanced endpoint posture checking to ensure compliance is met
before the devices connect. The following functionalities are provided:
• Enhanced capabilities for endpoint compliance and control.
• Supports Microsoft, Apple, and Linux operating systems.
• Anti-virus, anti-spyware, firewall checks and more using the persistent or dissolvable agent.
• Optional auto-remediation and quarantine capabilities.
• System-wide endpoint messaging, notifications and session control.
• Centrally view the online status of all devices from the ClearPass Policy Manager platform.
OmniSwitch Integration with UPAM or CPPM for BYOD Support
Consider the following key points regarding OmniSwitch integration with UPAM or ClearPass for BYOD
support:
• The same UNPs and access lists must be configured on both the OmniSwitch and UPAM or CPPM for
proper alignment.
• The RADIUS server configuration on the OmniSwitch must point to the UPAM or CPPM in both
proxy and server cases.
• A redirection server must be configured on the OmniSwitch that points to the UPAM or CPPM.
• Support for the Dynamic Vendor Specific Attribute (VSA) URL redirect is implemented using the
OmniSwitch VSAs. The VSAs must be downloaded and installed on the ClearPass server; refer to the
OmniVista UPAM documentation for information about how VSAs are installed on the UPAM server.
• A port bounce capability is configurable on the OmniSwitch to ensure a clean re-authentication process
for non-supplicant devices.
• A PAUSE timer is configurable to flush out a user context (that is used for a welcome page or other
user context information) on timer expiry.
RFC-3576 Attributes
RADIUS servers and the OmniSwitch can be configured with particular attributes defined in RFC 3576.
These attributes carry specific authentication, authorization, and configuration details about RADIUS
requests to and replies from the server. This section describes the attributes specific to an OmniSwitch
BYOD solution.
Num. CoA Attribute Notes
40 Disconnect-Request Disconnect Request sent by RADIUS/ClearPass server.
• The Disconnect-Request RADIUS message contains the
User-Name or the Calling-Station-ID attribute.
• When the message contains both the User-Name and
Calling-Station-ID, the MAC address is identified based on
the Calling-Station-ID only.
To Next Page
Loading...
