Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass Guest copy a field to a different on on submit

This thread has been viewed 2 times

  • 1.  Clearpass Guest copy a field to a different on on submit

    Posted Nov 29, 2016 10:59 PM

    In clearpass guest, on the mactrac_create form I added a new field that is a dropdown menu (I suppply the options) for which vlan to put the user on.   I am wondering if there is a way with jquery (or other) to copy what the users selects to a different field on submit.  So the drop down menu says vlan pick

    "10"

    "20"

    "30"

     

    If the user picks 20 I want to copy ",20," to a differnent field for use later in an enforcement policy?  

     

    It is a work around because for some reason i can use

    ,%{GuestUser:vlan}," in an post authentication enforcement profile to write a endpoint attribute but I can not use it to check an attribute.  For example. If I put in a enforment policy

     

    Device:Available_MAB_Vlans  CONTAINS  ,%{GuestUser:vlan},

    It doesn't work.  So what I do is duplict vlan to a differnet field that is ",vlan," and then I can use that to check the conatins.



  • 2.  RE: Clearpass Guest copy a field to a different on on submit

    EMPLOYEE
    Posted Nov 29, 2016 11:06 PM
    Do you see the vlan attribute under Administration > Dictionaries >
    Attributes with type GuestUser?


  • 3.  RE: Clearpass Guest copy a field to a different on on submit

    Posted Nov 30, 2016 08:39 AM
    > Do you see the vlan attribute under Administration > Dictionaries >
    > Attributes with type GuestUser?


    I assume you are addressing the "Service policy" issue and not the jquery question.

    Yes, the attribute is there and working fine. I have the policy accessing it and making decisions on it. The issue
    seems to be that you can not use a regular expression or text with a variable. For example, currently the policy checks
    this and it works fine.

    (Device:Available_MAB_Vlans CONTAINS %{GuestUser:vlan})


    But if I try to add a regular express or check for the variable and text like this

    (Device:Available_MAB_Vlans CONTAINS ,%{GuestUser:vlan},)

    It does not work. We have tried regular expressions with the same result. They work without the variable but not with.


    What we are doing here is we want to make sure that the vlan the user wants exists in the building. So for each device
    we have a list of vlans available. But if we just do the first check vlan 10 matches 100 in the list. So the list is
    comma separated and we check to see if vlan ,10, is in the list. The other way at is is to move to 4 digit vlan numbers
    like 0010, but that makes the list huge. So as a work around we created a second variable that is ,vlan, and then we
    just check that variable. It works but currently the variable is stored in the endpoint database, ideally it would be
    in the guestuser database. But on another issue, I can not seem to update the GuestUser:vlan with a post authentication
    profile. It always we to build it and says it does it...but never does.


  • 4.  RE: Clearpass Guest copy a field to a different on on submit

    Posted Nov 30, 2016 04:28 PM

    Couldn't you use MATCHES_REGEX instead of CONTAINS? The MATCHES_REGEX condition is quite flexible.



  • 5.  RE: Clearpass Guest copy a field to a different on on submit

    Posted Nov 30, 2016 04:32 PM
    < Couldn't you use MATCHES_REGEX instead of CONTAINS? The MATCHES_REGEX condition is quite flexible.


    We ran into the same issue, it works fine with just a regular expression but it does not work if you try to use a
    variable (%{GuestUser:vlan) and a regular expression.