Hi Kamran,
here are high level steps for your config:
On IC do the following:
1)Create an Active Directory auth server instance on IC and give details of your Domain controller
2)Use this Active Directory auth server as Auth server for your realm (you can use existing Users realm or create a new one)
2)Create two roles on IC. one for users who pass your requirements(like having antivirus updates installed..etc) and one for users who fail your security policy requirements.
3)Create a role mapping rule under realm to map all users to both these roles(I assume this is a test setup and you are not doing any AD group lookups)
4)Create a Host Checker policy which will check for Antivirus signature updates on users PC(or for any other requirement you have)
5)apply this Host Checker policy to one of the roles you created
6)create a location group which uses the default sign-in url (you can use your own sign-in url as well)
7)create a radius client and give details of your 802.1x switch (like IP of switch and make of the switch and a shared secret) and attach it to the location group you configured in step-7
8)create two radius attribute policies on IC. apply one policy(top policy in the list) to role for which you attached Host Checker policy and give a vlan ID (in which you want to put your HC passed users in). apply second radius attribute policy to second role which doesn't need HC and give the VLAN id of your remediation VLAN
on the switch:
1)configure the IC's IP Address as radius server IP and give shared sceret which you configured in step-7 above
2)enable 802.1x on the switch port
on the PC:
1)install the OAC
2)create a profile in OAC and give the details of username/password
3)Add the wired adapter for 802.1x in OAC and 'connect'
I tried to cover all the stuff you asked for at a high level.
let us know how you are going to use ISG-2000 in your test network.
also let us know if you want more help.
Thanks
Manoj
