cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
241
Views
0
Helpful
3
Replies
Contributor

new-style commands for central web-auth

Hi Experts,

Seems that Cisco will be moving to using C3PL more and more. I was going through the following documentation to learn more about new-style of configuration here

This documentation does explain how to get to do this C3PL configuration for dot1x and MAB. I was looking for some more examples on configuring posture and CWA from the switch.

Could anyone please redirect me to some more articles that talk about posture configuration and CWA using this new-style of configurations and use of the new-style commands.

Everyone's tags (2)
3 REPLIES 3
Highlighted
Cisco Employee

Re: new-style commands for central web-auth

Did you see the prescriptive guest guide under http://cs.co/ise-guest

Contributor

Re: new-style commands for central web-auth

I went through the document, but it still did not answer my question regarding setting up CWA using new-style of commands.

I am looking for such a document that gives pointers to commands of configuring the switch using C3PL for CWA and Dot1x

Everyone's tags (3)
Cisco Employee

Re: new-style commands for central web-auth

CWA is extension of MAB. It authenticates unknown MAC address and simply assigns redirect ACL and URL redirect string values as part of authorization to make webauth work. If you follow the document and configure ISE for CWA, should be enough to get CWA working on the switch with C3PL. It is similar for posture, only difference is posture is leveraging 802.1X instead of MAB to assign redirect ACL and URL redirect string values. Here is link to more recent guide for IBNS 2.0 (C3PL):

https://community.cisco.com/t5/security-documents/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515