07-04-2017 03:31 PM
What is stopping us to support Easy Connect along with CWA? According to Configure EasyConnect on ISE 2.1 - Cisco it is not supported.
I sucessfully tested it in my lab by merging the Limited Access Authorization profile with the CWA Authorization profile (adding "Passive ID Tracking" along with a limiting DACL to the normal CWA Authorization Profile and tweaking the URL-Redirect ACL to stop redirection to DC traffic).
Solved! Go to Solution.
07-04-2017 03:47 PM
What you did sounds very reasonable, but CWA + Easy Connect has not been tested by our product teams. The doc is written by TAC so I would suggest you to either leave a feedback at the doc site or contact him directly.
07-04-2017 03:47 PM
What you did sounds very reasonable, but CWA + Easy Connect has not been tested by our product teams. The doc is written by TAC so I would suggest you to either leave a feedback at the doc site or contact him directly.
07-06-2017 06:49 AM
Correct. At that point in policy it is simply a MAB auth result (or could even be 802.1X). Only the tracking option in AuthZ Profile will specify whether CoA sent on successful MnT merge of passive ID info. This was one of the core goals of rework done for 2.1 release to ensure EZC was based on standard MAB.
I assume you are specifically asking about the use of same Authorization Profile for dual use case? If asking if CWA can be chained with EZC, then that certainly has not been tested.
09-06-2018 03:38 AM
Hi, Rovargas,
Can you provide the screenshot with the policies you applied? We have contractors here that use their own laptop and I think easyconnect + CWA could be used to grant secure access to the network.
Regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide