Security

Reply
Occasional Contributor II
Posts: 19
Registered: ‎06-01-2015

Clearpass Guest copy a field to a different on on submit

In clearpass guest, on the mactrac_create form I added a new field that is a dropdown menu (I suppply the options) for which vlan to put the user on.   I am wondering if there is a way with jquery (or other) to copy what the users selects to a different field on submit.  So the drop down menu says vlan pick

"10"

"20"

"30"

 

If the user picks 20 I want to copy ",20," to a differnent field for use later in an enforcement policy?  

 

It is a work around because for some reason i can use

,%{GuestUser:vlan}," in an post authentication enforcement profile to write a endpoint attribute but I can not use it to check an attribute.  For example. If I put in a enforment policy

 

Device:Available_MAB_Vlans  CONTAINS  ,%{GuestUser:vlan},

It doesn't work.  So what I do is duplict vlan to a differnet field that is ",vlan," and then I can use that to check the conatins.

Guru Elite
Posts: 8,773
Registered: ‎09-08-2010

Re: Clearpass Guest copy a field to a different on on submit

Do you see the vlan attribute under Administration > Dictionaries >
Attributes with type GuestUser?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 19
Registered: ‎06-01-2015

Re: Clearpass Guest copy a field to a different on on submit

> Do you see the vlan attribute under Administration > Dictionaries >
> Attributes with type GuestUser?


I assume you are addressing the "Service policy" issue and not the jquery question.

Yes, the attribute is there and working fine. I have the policy accessing it and making decisions on it. The issue
seems to be that you can not use a regular expression or text with a variable. For example, currently the policy checks
this and it works fine.

(Device:Available_MAB_Vlans CONTAINS %{GuestUser:vlan})


But if I try to add a regular express or check for the variable and text like this

(Device:Available_MAB_Vlans CONTAINS ,%{GuestUser:vlan},)

It does not work. We have tried regular expressions with the same result. They work without the variable but not with.


What we are doing here is we want to make sure that the vlan the user wants exists in the building. So for each device
we have a list of vlans available. But if we just do the first check vlan 10 matches 100 in the list. So the list is
comma separated and we check to see if vlan ,10, is in the list. The other way at is is to move to 4 digit vlan numbers
like 0010, but that makes the list huge. So as a work around we created a second variable that is ,vlan, and then we
just check that variable. It works but currently the variable is stored in the endpoint database, ideally it would be
in the guestuser database. But on another issue, I can not seem to update the GuestUser:vlan with a post authentication
profile. It always we to build it and says it does it...but never does.
Community Administrator
Posts: 34
Registered: ‎11-01-2012

Re: Clearpass Guest copy a field to a different on on submit

Couldn't you use MATCHES_REGEX instead of CONTAINS? The MATCHES_REGEX condition is quite flexible.

Occasional Contributor II
Posts: 19
Registered: ‎06-01-2015

Re: Clearpass Guest copy a field to a different on on submit

< Couldn't you use MATCHES_REGEX instead of CONTAINS? The MATCHES_REGEX condition is quite flexible.


We ran into the same issue, it works fine with just a regular expression but it does not work if you try to use a
variable (%{GuestUser:vlan) and a regular expression.
Search Airheads
Showing results for 
Search instead for 
Did you mean: