New Contributor

CPPM RADIUS Authentication

Dears,

 

We want to accomplish the following with ClearPass:

 

Users coming from the employee SSID need to get different VLANs on the basis of conditions.

 

The purpose is to allow all content (fb, youtube, etc.) for VIP users while others will get blocked access. We have done it with different SSIDs but we want to do it in one SSID. We will use Cisco ACS and ClearPass to get it done.

 

Any suggestions, please...

 

Thanks & Regards

 

 

Guru Elite

Re: CPPM RADIUS Authentication

You would build multiple enforcement profiles that return the Aruba User VLAN VSA. You could also return a user-role that has a VLAN assigned to it in the controller.

 

CP-enforce-vlan-vsa.png


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor

Re: CPPM RADIUS Authentication

Thanks for the reply. But it is still not clear to me. A user joins SSID "abc" using his Active Directory user ID, and I want ClearPass to give him a role/VLAN based on his user ID (staff and executive having different VLANs). CPPM cannot differentiate users because users are in AD. There should be some sort of mechanism so that the RADIUS server can differentiate users and return some string or value which could be used by CPPM in the enforcement policy.

Re: CPPM RADIUS Authentication

 

 

 

You can do the following:

 

You need to make sure CPPM is already part of the domain and is able to read attributes from AD. If this is already set up, just follow these steps:

 

Create a Role Mapping

Screen Shot 2013-07-23 at 8.18.24 AM.png

 

Then add the rules that will match in AD 

Screen Shot 2013-07-23 at 8.19.52 AM.png

 

Create a role 

Screen Shot 2013-07-23 at 8.21.57 AM.png

 

Create an enforcement profile 

Screen Shot 2013-07-23 at 8.24.24 AM.png

 

Add the attributes that you want to match VLAN and USER-ROLE created in the controller

Screen Shot 2013-07-23 at 9.05.36 AM.png

 

Create an enforcement policy and add the enforcement profile already created

Screen Shot 2013-07-23 at 8.25.29 AM.png

 

 

Add the rules to the enforcement policy to match the Role you created under CPPM (AD Test Group)

 

Screen Shot 2013-07-23 at 8.32.43 AM.png

 

And finally add this role to the Service

Screen Shot 2013-07-23 at 8.36.58 AM.png

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
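
The flow discussed in this thread (AD group membership, then role mapping, then an enforcement profile that returns the Aruba User VLAN and user-role VSAs), as an added Python model; it is not ClearPass code and was not posted by anyone in the thread. The group DNs, role names and VLAN IDs are constructed; the vendor ID and VSA numbers are those of the public Aruba RADIUS dictionary. Users who match no rule fall through to the restricted profile.

```python
import struct

ARUBA_VENDOR_ID = 14823   # Aruba enterprise number used in Vendor-Specific (26)
ARUBA_USER_ROLE = 1       # string VSA
ARUBA_USER_VLAN = 2       # integer VSA

# Constructed sample policy: DNs, role names and VLAN IDs are assumptions.
ROLE_MAPPING = [          # ordered rules, first match wins
    ("CN=Executives,OU=Groups,DC=example,DC=com", "vip"),
    ("CN=Staff,OU=Groups,DC=example,DC=com", "staff"),
]
DEFAULT_ROLE = "restricted"   # no rule matched: filtered access, never VIP
ENFORCEMENT = {               # role -> (controller user-role, VLAN)
    "vip": ("vip-role", 110),
    "staff": ("staff-role", 120),
    "restricted": ("restricted-role", 130),
}

def map_role(member_of):
    """Map AD memberOf values to a role; DNs compare case-insensitively."""
    groups = {g.lower() for g in member_of}
    for group_dn, role in ROLE_MAPPING:
        if group_dn.lower() in groups:
            return role
    return DEFAULT_ROLE

def encode_vsa(vendor_type, value):
    """RFC 2865 attribute 26: type, length, vendor-id, then vendor type/length/data."""
    data = struct.pack("!I", value) if isinstance(value, int) else value.encode()
    sub = struct.pack("!BB", vendor_type, len(data) + 2) + data
    return struct.pack("!BBI", 26, len(sub) + 6, ARUBA_VENDOR_ID) + sub

def access_accept_attrs(member_of):
    """Attributes the enforcement profile for this user's role would return."""
    user_role, vlan = ENFORCEMENT[map_role(member_of)]
    return encode_vsa(ARUBA_USER_ROLE, user_role) + encode_vsa(ARUBA_USER_VLAN, vlan)

def decode_vsas(buf):
    """Parse the attributes back, as the controller side would see them."""
    out, i = {}, 0
    while i < len(buf):
        _type, length, _vendor = struct.unpack_from("!BBI", buf, i)
        vtype, vlen = struct.unpack_from("!BB", buf, i + 6)
        data = buf[i + 8 : i + 6 + vlen]
        out[vtype] = struct.unpack("!I", data)[0] if vtype == ARUBA_USER_VLAN else data.decode()
        i += length
    return out

if __name__ == "__main__":
    print(decode_vsas(access_accept_attrs(["cn=staff,ou=groups,dc=example,dc=com"])))
```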