01-22-2015 12:53 PM
We will be using 802.1x authentication on Aruba controller with 802.1 and authentication server being RADIUS NPS. We have already implemented NPS authentication on the wired LAN with slightly different rules.
I have managed to get user machines to authenticate; however, the problem I had is that user attributes like user role, VLAN etc. are derived from the NPS policies and implemented for each user individually after the user authenticates. I end up in a mess and we cannot make any changes on the NPS policy as it is already in use in the wired LAN.
I am struggling to set up the Aruba controller to ignore all NPS attributes and only use it to authenticate/reject users.
Can you please help?
01-22-2015 01:00 PM - edited 01-22-2015 05:30 PM
You can duplicate the policies in NPS (connection request policy, etc) and then restrict the new one to service-type Wireless and your controller's NAS-IP. Then you can make changes to the ruleset that won't affect wired.
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
01-23-2015 01:10 AM
Tim, thank you for your response. Is there an option just to get accept/reject from the NPS and ignore all other policies, which I will configure locally on the controller?
It is a different team dealing with the NPS and it is a bit harder to get things done.