Occasional Contributor II

Authentication for role assignment flow chart

For lack of a better term, I'd like to know if anyone has a handy flow chart for authentication, i.e., VSAs trump other authentication for role assignment. I'm building my notes for my ACMP exam and I want to nail authentication.

 

I've been looking but cannot find a solid chart or graphic or document showing what has precedence over something else.

 

Anyone able to help with this?

Guru Elite

Re: Authentication for role assignment flow chart

Is your question on how the controller handles RADIUS responses or how ClearPass makes policy decisions? 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Authentication for role assignment flow chart

I guess the part I'm most tripped up on is the following:

 

When going from a basic AAA profile and the default 802.1x role, how does the controller discern if a client is going to get either the default Machine role or the default User role?

 

I've taken the exam a couple of times and been confused by this. I did boot camp, and wouldn't you know, I rolled an unbelievable insomnia week the week of the course and some parts are foggy.

 

I understand enforce machine authentication plays a role here, but I'm still not sure how the controller decides if the client is going to get the machine role or the user role. I realize that the machine role is given if a user hasn't authenticated against something (say an idle machine at the Ctrl Alt Del screen). But if enforce is turned on, what takes precedence, if at all?

 

I also understand that a VLAN Role (Trusted/untrusted port) trumps a AAA profile as well, but I'm still not 100% clear on some of this. Even a link to the appropriate page in the user guide would be helpful at this time.

Guru Elite

Re: Authentication for role assignment flow chart

Machine and User at the controller level isn’t used when you’re using ClearPass. The role is directly returned by ClearPass. If no role is returned, the AAA profile default 802.1X role is assigned.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Authentication for role assignment flow chart

I'm not talking about ClearPass.... sorry if I'm in the wrong forum, but I don't believe ClearPass factors into the ACMP 6.4 Exam.

Guru Elite

Re: Authentication for role assignment flow chart

Occasional Contributor II

Re: Authentication for role assignment flow chart

I've read that and it helps; I've also just found the following document.

 

https://community.arubanetworks.com/aruba/attachments/aruba/unified-wired-wireless-access/63564/1/Role-Derivation.pdf

 

This is going to help me too. This exam is tough, and resources are at times very difficult to come across.

 

As noted, I'm just trying to cram as much info about it all into my head; I don't wanna fail again.
