05-28-2014 07:14 AM
I'm looking for a way to have ClearPass put users in a specific VLAN based on their authentication source and what AP group/system they're connected to. Currently, we have a setup as follows:
Campus 1: Faculty VLAN 21, Student VLAN 41
Campus 2: Faculty VLAN 22, Student VLAN 42
Campus 3: Faculty VLAN 23, Student VLAN 43
Campus 4: Faculty VLAN 24, Student VLAN 44
Faculty and Student AD sources are separate.
Each campus has their own AP-System, and each building in each campus is an individual AP-Group.
I can get ClearPass to put users in their appropriate VLANs for campus 1 based on authentication source. What I realized earlier today is that I haven't considered the other campuses (this is still in a testing phase) and I'm not sure what attributes I would return in ClearPass to ensure that someone connecting at campus 4 receives only the VLANs associated with campus 4.
Any insight would be appreciated.
05-28-2014 07:26 AM - edited 05-28-2014 07:31 AM
You can do this in a few ways.
- Different services to handle each campus
- Single service with rules that check for AP group and/or NAD-IP
You would create multiple VLAN enforcement profiles and return them based on your service and enforcement rules.
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
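The single-service option from the reply above, modelled as an added example (not code from the thread or from Aruba): the campus is derived from the NAD IP, cross-checked against the AP group, and combined with the authentication source to pick the VLAN, rejecting anything that does not match. The source names, the `C<n>-` AP group prefix and the NAD subnets are constructed assumptions; the VLAN IDs are those in the original post, and the reply attributes are the standard RFC 3580 VLAN tunnel attributes.

```python
import ipaddress

# VLAN IDs from the original post: (campus, role) -> VLAN.
VLANS = {(c, "faculty"): 20 + c for c in range(1, 5)}
VLANS.update({(c, "student"): 40 + c for c in range(1, 5)})

# Constructed assumptions: one controller subnet per campus, two AD sources.
CAMPUS_NADS = {c: ipaddress.ip_network(f"10.{c}.0.0/24") for c in range(1, 5)}
SOURCE_ROLE = {"Faculty-AD": "faculty", "Student-AD": "student"}


def campus_for_nad(nad_ip):
    """Return the campus whose controller subnet contains nad_ip, else None."""
    try:
        addr = ipaddress.ip_address(nad_ip)
    except ValueError:
        return None
    for campus, net in CAMPUS_NADS.items():
        if addr in net:
            return campus
    return None


def enforce(auth_source, nad_ip, ap_group):
    """Return RADIUS reply attributes, or None to reject (fail closed)."""
    role = SOURCE_ROLE.get(auth_source)
    campus = campus_for_nad(nad_ip)
    if role is None or campus is None:
        return None  # unknown source or unknown NAD: no VLAN at all
    # Hypothetical naming convention: AP groups are "C<campus>-<building>".
    # A group that disagrees with the NAD's campus is treated as a mismatch.
    if not ap_group.startswith(f"C{campus}-"):
        return None
    return {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-Id": str(VLANS[(campus, role)]),
    }


if __name__ == "__main__":
    print(enforce("Faculty-AD", "10.4.0.5", "C4-Library"))
    print(enforce("Student-AD", "10.2.0.9", "C4-Library"))
```

In ClearPass itself each returned VLAN corresponds to one enforcement profile and each branch to one enforcement policy rule.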
05-28-2014 02:56 PM
It looks like I'll need to rewrite some rules but I think I get the direction that I need to head in. Will pop back in if I run into issues.
Incredibly quick and helpful responses from both of you!