Controllerless Networks

Hi, 

I am trying to figure out dynamic VLAN assigning with IAP and Clearpass.

In Clearpass I can create a Serivce that enforces different VLANs based on the authentication and user, but then in IAP when I choose VLAN assignment Dynamic I have to make a rule based on some attribute from Clearpass and choose what VLAN that user goes in to.

So then I have configured the VLAN on two places. This doesn't seem right. Is it possible to only configure the VLAN assignment in Clearpass?

I guess the option is to have Clearpass enforce a role to the user and in IAP make a VLAN rule that say "if role = X, send to VLAN Y". But I rather do all that kind of config in Clearpass.

Regards

Philip

You would typically return the Aruba-User-Vlan radius attribute in your enforcement profile on ClearPass to set the VLAN for that user.

So then in IAP I will config: if Aruba-User-Vlan = 10, then assign VLAN 10?

Oh. Then I can only have a default vlan and no other rules?

That's what I wanted to hear! (read)

Thank you verry much.