About SODA Endpoint Security 545 If the security checks fail, the WX switch can deny the client access tothe network, or grant the client limited access based on a configuredsecurity ACL. When the client closes the Virtual Desktop, the WX switch canoptionally disconnect the client from the network.How SODAFunctionality Workson WX SwitchesThis section describes how the SODA functionality is configured to workwith a WX switch, and the procedure that takes place when a userattempts to connect to an SSID where the SODA functionality is enabled.Note that in the current release, the SODA functionality works only inconjunction with the Web Portal WebAAA feature.SODA functionality on a WX switch is configured as follows:1 Using SODA Manager, a network administrator creates a SODA agentbased on the security needs of the network.2 The network administrator exports the SODA agent files from SODAManager, and saves them as a .zip file.3 The SODA agent .zip file is uploaded to the WX switch using TFTP.4 The SODA agent files are installed on the WX switch using a CLIcommand that extracts the files from the .zip file and places them into aspecified directory.5 SODA functionality is enabled for an SSID that also has Web PortalWebAAA configured.Once configured, SODA functionality works as follows:1 A user connects to a MAP managed by a service profile where SODAfunctionality is enabled.2 Since the Web Portal WebAAA feature is enabled for the SSID, a portalsession is started for the user, and the user is placed in the VLANassociated with the web-portal-ssid or web-portal-wired user.3 The user opens a browser window and is redirected to a login page,where he or she enters a username and password.4 The user is redirected to a page called index.html, which exists in theSODA agent directory on the WX switch.5 The redirection to the index.html page causes the SODA agent files to bedownloaded to the user’s computer.
