Enable sponsor approval confirmation in Receipt actions.

Configure SMTP messaging in the Policy Manager.

Configure a MAC caching service in the Policy Manager.

Configure a MAC auth service in the Policy Manager.

Enable sponsor approval in the captive portal authentication profile on the NAD.

After the RADIUS Access-Request

After the NAS login, but before the RADIUS Access-Request

Before the user can submit the registration form

After the RADIUS Access-Response

After the receipt page is displayed, before the NAS login

Software image

Backup files

Log files

Device fingerprint dictionaries

Posture dictionaries

The device will be disconnected from the network after Onboarding so that an EAP-TLS authentication is not performed.

The device will be disconnected from and reconnected to the network after Onboarding is completed.

The device’s onboard authorization request will be denied.

The device will be disconnected after post-Onboarding EAP-TLS authentication, so a second EAP-TLS authentication is performed.

After logging in on the Onboard web login page, the device will be disconnected form and reconnected to the network before Onboard begins.

A limited access VLAN value is sent to the Network Access Device.

An unhealthy role value is sent to the Network Access Device.

A message is sent to the Onguard Agent on the client device.

A RADIUS CoA message is sent to bounce the client.

A RADIUS access-accept message is sent to the Controller

Configure a TACACS Enforcement Profile on ClearPass for the desired privilege level.

Configure a RADIUS Enforcement Profile on ClearPass for the desired privilege level.

Configure ClearPass as an Authentication server on the network device.

Configure ClearPass roles on the network device.

Enable RADIUS accounting on the NAD.

If HTTPS is used for the web login page, after authentication is completed guest Internet traffic will all be encrypted as well.

During web login authentication, if HTTPS is used for the web login page, guest credentials will be

encrypted.

After authentication, an IPSEC VPN on the guest’s client be used to encrypt Internet traffic.

HTTPS should never be used for Web Login Page authentication.

If HTTPS is used for the web login page, after authentication is completed some guest Internet traffic may be unencrypted.

Image update

System upgrade

Upgrade image

Reboot

Upgrade software

to force the client to re-authenticate upon roaming to a new Controller

to apply firewall policies based on authentication credentials

to validate a host MAC address against a whitelist or a blacklist

to authenticate users or devices before granting them access to a network

to transmit messages to the NAD/NAS to modify a user’s session status

The user will be able to log in and authenticate successfully but will then be immediate disconnected.

The user will be able to log in for the next 4.9. days, but then will no longer be able to log in.

The user will not be able to log in and authenticate.

The user will be able to log in and authenticate successfully, but will then get a quarantine role.

The user will not be able to access the Web Login page.