Location Services

last person joined: 6 days ago 

Location-based mobile app development and Bluetooth-based asset tracking with Meridian. Gathering analytics and business intelligence from Wi-Fi with Analytics and Location Engine (ALE).
Back to discussions
Expand all | Collapse all

Assigning IP addresses to VIA clients based upon certificate info

This thread has been viewed 0 times

  • 1.  Assigning IP addresses to VIA clients based upon certificate info

    Posted Feb 24, 2017 04:58 AM

    My goal is to assign IP addresses from ranges based upon information found in certificates assigned to VIA clients.

     

    VIA Client A provides a certificate for authentication with an OU set to A. It gets assigned an IP address from range x.x.x.x/24.

     

    VIA Client B has a certificate with an OU set to B. It gets assigned an IP address from range y.y.y.y/24.

     

    I have a 7210 mobility controller and Clear Pass. I think Clear Pass is required but I haven't found documentation.

     

    Can somebody provide a link to documentation showing how to do this?

     

    Thanks!



  • 2.  RE: Assigning IP addresses to VIA clients based upon certificate info

    EMPLOYEE
    Posted Feb 24, 2017 05:21 AM

    Are you asking because you have certificate-based authentication between Via and ClearPass working already or you haven't started yet?  It is difficult to give you information to get you to the next step, if you haven't taken any steps yet...



  • 3.  RE: Assigning IP addresses to VIA clients based upon certificate info

    Posted Feb 24, 2017 07:38 AM

    I am trying to gather the information needed prior to configuring anything, this is a greenfield deployment.

     

    I was planning on using this as a template for the initial part of the deployment:

    https://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-configure-and-troubleshoot-VIA-with-Suite-B-encryption/ta-p/184538

     

    I have not been able to find out how to assign IP addresses based upon the information found in the certificate and have only been  told I may need to rely on Clear Pass to do this. The link posted does not use Clear Pass.

     

    So, basically, nothing has been done but I have half a clue on how to get it started. If I need Clear Pass, I have one available. If I don't need Clear Pass, I don't have to use it.



  • 4.  RE: Assigning IP addresses to VIA clients based upon certificate info

    EMPLOYEE
    Posted Feb 24, 2017 11:44 AM

    You can return different roles to the controller depending on those conditions.

     

    In each role define the respective vlan and l2tp pool.



  • 5.  RE: Assigning IP addresses to VIA clients based upon certificate info

    Posted Feb 24, 2017 05:14 PM

    Hi Michael,

     

    Is there any documentation showing this?

     

    Thanks!



  • 6.  RE: Assigning IP addresses to VIA clients based upon certificate info

    EMPLOYEE
    Posted Feb 24, 2017 05:50 PM

    You should start with the Via VRD here:  http://community.arubanetworks.com/t5/Validated-Reference-Design/Virtual-Intranet-Access-VIA/ta-p/155614

     

    You should consider VIA and ClearPass as two distinct parts:..  First get a generic VIA install up and running and then introduce clearpass.