Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Dynamic Comparison in Role Map

This thread has been viewed 0 times

  • 1.  Dynamic Comparison in Role Map

    Posted Mar 13, 2018 12:04 PM

    I'm looking for a way to compare two dynamic values in a role map. I'd like to compare the first four characters of Host:Name with the first four characters of RADIUS:IETF:Called-Station-Id.

     

    Something like "Host:Name begins_with left(%{RADIUS:IETF:Called-Station-ID},4)" would be perfect if an Excel like left() fuction was a thing.

     

    Is something like this possible in a role map or do I need to configure/build something else first to make the role map comparison easier?

     

     



  • 2.  RE: Dynamic Comparison in Role Map

    EMPLOYEE
    Posted Mar 13, 2018 12:36 PM
    What is the use case here?


  • 3.  RE: Dynamic Comparison in Role Map

    Posted Mar 13, 2018 12:41 PM

    My company has several locations. We want to identify when a device moves from one location to another. 



  • 4.  RE: Dynamic Comparison in Role Map

    EMPLOYEE
    Posted Mar 13, 2018 03:49 PM

    Comparing partial values between two dynamic sources is not possible today.



  • 5.  RE: Dynamic Comparison in Role Map

    Posted Mar 13, 2018 05:05 PM

    Do you know if it's possible to create a custom attribute that could be built from %{RADIUS:IETF:Called-Station-ID}? i.e. Taking part of the Called-Station-ID and storing it in Connection:Custom-Attribute?



  • 6.  RE: Dynamic Comparison in Role Map

    EMPLOYEE
    Posted Mar 13, 2018 05:12 PM
    Likely possible with lots of custom SQL.