Can someone help to see if I'm doing it right?
- Authenticate Windows clients via MAC address only (MAB).
- Posture check (Anti-virus definitions) via AnyConnect.
Would like to check if below is the correct way to deploy? I've heard that MAB does not work with CoA.
• Client to disable the Windows Wired Autoconfig service (802.1x) so that the client will be subjected to MAB.
• Posture check using anyconnect will kick in next. If posture passes, CoA will be done to change the VLAN to production VLAN. If posture fails, COA will be done to change the VLAN to remediation VLAN.
Ideally if posture with CoA is working with 802.1X then same should work in case of MAB correct?
My understanding is ISE to send CoA to NAD based on Posture results has nothing to do with authentication method used, correct?