Contributor I
Posts: 24
Registered: ‎05-27-2014

Clearpass Guest Role Mapping Issues

For some reason Guest role mapping is not working on our production CP server, but works on our test server.

1. Created role "Campus Device"

2. Added to the role [Guest Roles] Role mapping policy.

3. Created a device in CPG with the Role "Campus Device"

4. Have an enforcement policy that only allows access if the device has the tips role of "Campus Device".

Again it works fine on our test server, but not our production server.

I've done a screen by screen comparison of the Service, Role Mapping, and Enforcement Policies between the Production and Test Servers and can't find a difference.

 

Thanks.

-Neil

 

--
Neil Johnson
MVP
Posts: 4,020
Registered: ‎07-20-2011

Re: Clearpass Guest Role Mapping Issues

Are you using the Guest Device Repository as an Authorization Source?
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I
Posts: 24
Registered: ‎05-27-2014

Re: Clearpass Guest Role Mapping Issues

Yes.

--
Neil Johnson
Guru Elite
Posts: 7,864
Registered: ‎09-08-2010

Re: Clearpass Guest Role Mapping Issues

Do you have the Role ID to TIPS role mapping configured in the role map that is configured in the service?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 24
Registered: ‎05-27-2014

Re: Clearpass Guest Role Mapping Issues

Yes, I'm using the same Role mapping policy "[Guest Roles]".

 

-Neil

 

--
Neil Johnson
Guru Elite
Posts: 7,864
Registered: ‎09-08-2010

Re: Clearpass Guest Role Mapping Issues

Please export an access tracker log for one of the requests and post here.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 24
Registered: ‎05-27-2014

Re: Clearpass Guest Role Mapping Issues

Here you go!

--
Neil Johnson
Contributor I
Posts: 24
Registered: ‎05-27-2014

Re: Clearpass Guest Role Mapping Issues

Just spent an hour on the phone with our promoted SE.

Turns out that you should NOT use the Default [Guest Roles] Mapping in Service rules, but create a new, separate Role Mapping (at least that fixed it for us).

 

-Neil

 

--
Neil Johnson