Security

last person joined: 10 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass roles

This thread has been viewed 5 times

  • 1.  Clearpass roles

    Posted Dec 07, 2016 03:23 PM

    Hello i was trying to set up in clearpass that it assign a role i want on the controller

    I already got on the dropdown on the clearpass guest all the roles i want

    So i create a new guest user and i assign it a role

    That role got a number like

    the 3 default ones

    Contractor 

    guest =2

    employee =3

    Andi added a new one

    3MB = 5

     

    So i create the service i need  for that

    Depending on which roles it get he will get the enforment profiles that i want.

    Anyways

    Clearpass.PNG|As you see im getting the roles 3MB that i know that it should be there because when i created the account i selected that role so its sending that role.  What i dont understand is why its assigning [Guest] and [user authenticated] role, where he is getting those roles?  this do affect  the evaluation of which enforment profile use( for example it was assigning a enforment profile that sue [guest]  so at the end i had to move the enforment profile that use [3MB] before that one(what im doing is working, but i want to understand where im getting that [guest] role??

    it is assigned by default? and i ll always get it? or how can i see why he is getting that role?

    i dont use too much clearpass so im kind of  lost here.

     

    Cheers

    Carlos



  • 2.  RE: Clearpass roles

    EMPLOYEE
    Posted Dec 07, 2016 03:26 PM

    [User Authenticated] is an internal tag given to requests that pass a user authentication.

     

    Can you provide a screenshot of your role map and and enforcement policy?



  • 3.  RE: Clearpass roles

    Posted Dec 07, 2016 03:32 PM

    sure Here they are

    rolemapping.PNG

    enforment policy.PNG



  • 4.  RE: Clearpass roles

    EMPLOYEE
    Posted Dec 07, 2016 03:36 PM
    Your config looks correct. Were you testing both sets back to back? The role
    could have just been cached.


  • 5.  RE: Clearpass roles

    Posted Dec 07, 2016 03:43 PM

    I had it like this before

    enforment policy before.PNGIf you see the tips equials guest was first, so  i was getting the device with guest role instead of 3MB role...

    Like you saw in the access tracker i showed you as it was getting the guest, 3mb roles, he was assigning the wrong enforment profile...

    But what i dont understand is why he is putting the [Guest] role in first place.

    user.PNGThe only role he should get is the 3mb role as its the one i already picked wheni created the user. or at least that what i though, but when i saw the access tracker i saw that he was assigning also the [Guest] role..

     

    Do you know why he is doing that?

     

    Cheers

    Carlos