Security

Reply
MVP
Posts: 85
Registered: ‎03-09-2015

ClearPass Radius assign different vlans based on OpenLDAP attribute

I have seen plenty of community posts and directions provided where using an Aruba VSA to an external RADIUS server you can deduce a Vlan identifier.

But what about if CPPM is the RADIUS server (not pointing to an external one) and he is talking to OpenLDAP for authentication and authorisation ?

Guru Elite
Posts: 8,794
Registered: ‎09-08-2010

Re: ClearPass Radius assign different vlans based on OpenLDAP attribute

Yes. This is most deployments. 

You use role mapping to map LDAP attributes to ClearPass roles (TIPS roles), then use those TIPS roles in your enforcement policy to return a VLAN enforcement profile and/or role. 

Sent from Nine

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: