Jason, could you expand on this option? I'm trying to get DHCP renew working well for wired guest.
My aim:
port has 802.1x falling back to MAB.
start in VLAN 150, move Guest to VLAN 400, Corp to 500.
[ignoring the Corp part here as only have a problem with Guest]
Authz Rules:
- Guest_Access: if IG=GuestEndpoints then result = Guest (set VLAN 400)
- Redirect_To_Hotspot: if Guest_Flow then result = Hotspot (Redirect to Hotspot portal (sets IG=GuestEndpoints, no AUP, CoA=Terminate))
- Redirect_To_CWA: if Wired_MAB then result = WebAuth (Redirect to CWA (Self Reg Guest) portal (device reg disabled, AUP, success URL set to force HTTP GET so HotSpot kicks in))
It runs through the policy quite nicely but the change of VLAN is not detected by the client. So far the best result i have is from setting a very short DHCP lease (2 minutes) in VLAN 150 - then, approx 16 pings time out from a continuous ping.
In Admin > System > Settings > Profiling the CoA is set to Reauth. I tried Port Bounce but the client didn't see that (perhaps because it's a VM). Also the CoA option on the Hotspot portal (Reauth or Terminate) doesn't appear to make any difference.
I am aware of the SmartPort Macro option but that requires certain switch models, and i want a more general solution.
I've seen a few references by you to a 3-rule solution but can't find or work out the detail.
G
After guest successful registered and authenticated you can add other profile and change there vlan too.
