This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
What is stopping us to support Easy Connect along with CWA? According to Configure EasyConnect on ISE 2.1 - Cisco it is not supported.
I sucessfully tested it in my lab by merging the Limited Access Authorization profile with the CWA Authorization profile (adding "Passive ID Tracking" along with a limiting DACL to the normal CWA Authorization Profile and tweaking the URL-Redirect ACL to stop redirection to DC traffic).
Solved! Go to Solution.
Correct. At that point in policy it is simply a MAB auth result (or could even be 802.1X). Only the tracking option in AuthZ Profile will specify whether CoA sent on successful MnT merge of passive ID info. This was one of the core goals of rework done for 2.1 release to ensure EZC was based on standard MAB.
I assume you are specifically asking about the use of same Authorization Profile for dual use case? If asking if CWA can be chained with EZC, then that certainly has not been tested.
Can you provide the screenshot with the policies you applied? We have contractors here that use their own laptop and I think easyconnect + CWA could be used to grant secure access to the network.