- Reference the NAC rules engine to verify the client is hitting the role that was configured for its use.
- The client was falling through the rule designed to allow staff access based on LDAP end system mapping because the user did not belong to the correct staff memberOf group.
- Added the username to the correct memberOf Active Directory groups, and ran the client through the registration process.
2. If the NAC rules engine is verified to be hitting the correct rule and assigning the correct authorization policy, create this policy on the Identifi Wireless Controller.
- Log in to the Identifi Wireless Controller.
- Configure a role that has the same name as the authorization policy used in NAC Manager, keeping in mind that the role name is case sensitive.
- Re-run the test client through registration.
- Right-click on the NAC -> Select Webview -> Status -> Switches and Routers.
- Check Switch Dynamic Information -> SysObjectID. This OID may need to be added to the re-authentication tab in NAC Manager, or to replace the OID of the device currently added there.