Reply
Occasional Contributor I
Posts: 6
Registered: ‎01-01-2017

Assigning IP addresses to VIA clients based upon certificate info

My goal is to assign IP addresses from ranges based upon information found in certificates assigned to VIA clients.

 

VIA Client A provides a certificate for authentication with an OU set to A. It gets assigned an IP address from range x.x.x.x/24.

 

VIA Client B has a certificate with an OU set to B. It gets assigned an IP address from range y.y.y.y/24.

 

I have a 7210 mobility controller and Clear Pass. I think Clear Pass is required but I haven't found documentation.

 

Can somebody provide a link to documentation showing how to do this?

 

Thanks!

Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Re: Assigning IP addresses to VIA clients based upon certificate info

Are you asking because you have certificate-based authentication between Via and ClearPass working already or you haven't started yet?  It is difficult to give you information to get you to the next step, if you haven't taken any steps yet...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎01-01-2017

Re: Assigning IP addresses to VIA clients based upon certificate info

I am trying to gather the information needed prior to configuring anything, this is a greenfield deployment.

 

I was planning on using this as a template for the initial part of the deployment:

https://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-configure-and-troubleshoot-VIA-with-Suite-B-encryption/ta-p/184538

 

I have not been able to find out how to assign IP addresses based upon the information found in the certificate and have only been  told I may need to rely on Clear Pass to do this. The link posted does not use Clear Pass.

 

So, basically, nothing has been done but I have half a clue on how to get it started. If I need Clear Pass, I have one available. If I don't need Clear Pass, I don't have to use it.

Aruba
Posts: 1,287
Registered: ‎08-29-2007

Re: Assigning IP addresses to VIA clients based upon certificate info

You can return different roles to the controller depending on those conditions.

 

In each role define the respective vlan and l2tp pool.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Occasional Contributor I
Posts: 6
Registered: ‎01-01-2017

Re: Assigning IP addresses to VIA clients based upon certificate info

Hi Michael,

 

Is there any documentation showing this?

 

Thanks!

Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Re: Assigning IP addresses to VIA clients based upon certificate info

You should start with the Via VRD here:  http://community.arubanetworks.com/t5/Validated-Reference-Design/Virtual-Intranet-Access-VIA/ta-p/155614

 

You should consider VIA and ClearPass as two distinct parts:..  First get a generic VIA install up and running and then introduce clearpass.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: