Open as PDF
546 CHAPTER 24: CONFIGURING SODA ENDPOINT SECURITY FOR A WX SWITCH
6 Once the SODA agent files have been downloaded, one of the following
can take place:
a If the WX switch is configured to enforce the SODA agent security
checks (the default), then the SODA agent checks are run on the user’s
computer. If the user’s computer passes the checks, then a
customizable success page is loaded in the browser window. The user
is then moved from the portal VLAN to his or her configured VLAN
and granted access to the network.
b If the WX switch is configured not to enforce the SODA agent security
checks, then the user is moved from the portal VLAN to his or her
configured VLAN and granted access to the network, without waiting
for the SODA agent checks to be completed.
c If the user’s computer fails one of the SODA agent checks, then a
customizable failure page is loaded in the browser window. The user is
then disconnected from the network, or can optionally be granted
limited network access, based on a specified security ACL.
7 At the completion of his or her session, the user can close the SODA
Virtual Desktop or point to an advertised logout URL. Either of these
actions cause a customizable logout page to be loaded in the browser
window. Accessing the logout page causes the user to be disconnected
from the network.
Configuring SODA functionality on a WX switch consists of the following
1 Configure Web Portal WebAAA for the service profile. See “Configuring
Web Portal WebAAA for the Service Profile” on page 547.
2 Using SODA manager, create the SODA agent. See “Creating the SODA
Agent with SODA Manager” on page 547.
3 Copy the SODA agent to the WX switch. See “Copying the SODA Agent
to the WX Switch” on page 549.
4 Install the SODA agent files in a directory on the WX switch. See
“Installing the SODA Agent Files on the WX Switch” on page 549.
5 Enable SODA functionality for the service profile. See “Enabling SODA
Functionality for the Service Profile” on page 550.
6 Specify whether to require clients to pass SODA agent checks to gain
access to the network (optional). See “Disabling Enforcement of SODA
Agent Checks” on page 550.