Security

Reply
MVP
Posts: 1,392
Registered: ‎05-28-2008

How to? | clearpass guest to send 2 diffrent roles to the controller

Hi Guys,

I have a working guest portal (with access-code) in clear pass guest - and it's working fine in front of a controller with mac caching.

how do i enable the controller to get two diffrent roles (beacause i have users with guest role in cppm and some user with contractor role) .

 

how do i enable clearpass guest to send 2 diffrent roles to the controller - please advise.

 

Thanks,

 

Me

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
MVP
Posts: 721
Registered: ‎03-25-2009

Re: How to? | clearpass guest to send 2 diffrent roles to the controller

Not sure I understand your problem.

 

You can return different user-roles by using different enforcement profiles.

If you are asking about how to make the distinction.. just make sure the contractors have a different role id and use that to sent them the different enforcement profile?

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Guru Elite
Posts: 20,553
Registered: ‎03-29-2007

Re: How to? | clearpass guest to send 2 diffrent roles to the controller

When you are authenticating guests in CPPM in your enforcement policy you can return the Aruba Radius Attribute "Aruba-User-Role" that will override the default guest role in the controller.  The question is, under what circumstances do you want to return one role, or another...?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,392
Registered: ‎05-28-2008

Re: How to? | clearpass guest to send 2 diffrent roles to the controller

i got username: X1 with guest role in the clearpass (i built a guest user role also on the controller)

and i got username Y1 with contractor role in the clearpass ( i built a contractor user role also on the controller)

 

(in the L3 profile on the controller its guest after captive portal)

 

both of them passing the same captive portal.

 

can u please send me screenshot/example/guide how to configure the right enforcment profile as needed to achive my need.

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Guru Elite
Posts: 20,553
Registered: ‎03-29-2007

Re: How to? | clearpass guest to send 2 diffrent roles to the controller

role1.png

role2.png



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,392
Registered: ‎05-28-2008

Re: How to? | clearpass guest to send 2 diffrent roles to the controller

Thanks..

But i want that if Contractor role then ROLE-A on controller

and if Guest role then ROLE-B on the controller.

 

And your screenshot is -  how to send a role to the controller.

 

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
MVP
Posts: 226
Registered: ‎03-03-2011

Re: How to? | clearpass guest to send 2 diffrent roles to the controller

Assuming you are using the inbuilt Clearpass roles you just need to create an Enforcement Policy which maps the roles to the Enforcement profiles you create like shown by cjoseph:

 

Tips     Role     EQUALS     [Guest]           RADIUS-Guest_Enforcement_Profile

Tips     Role     EQUALS     [Contractor]   RADIUS-Contractor_Enforcement_Profile

 

This policy should be first match.

As long as the guest account has the correct Clearpass role the correct enforcement profile should trigger and this should set the correct Aruba controller role.

David
ACDX #98 | ACMP | ACCP
Guru Elite
Posts: 8,169
Registered: ‎09-08-2010

Re: How to? | clearpass guest to send 2 diffrent roles to the controller

You would use the Guest Role ID.
So if role 1 was contractor and role 2 was guest, you'd simply say:

If GuestRoleID equals 1, contractor profile
If GuestRoleID equals 2, guest profile

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Guru Elite
Posts: 20,553
Registered: ‎03-29-2007

Re: How to? | clearpass guest to send 2 diffrent roles to the controller

It is the job of the Enforcement Policy to determine what Enforcement Profile is sent to the controller.

 

Enforcement Policy=Use my information about incoming authentication to send an attribute to the controller

Enforcement Profile=That Attribute (in this case, a role).:

 

1.png

2.png

3.png



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Guru Elite
Posts: 8,169
Registered: ‎09-08-2010

Re: How to? | clearpass guest to send 2 diffrent roles to the controller

For a MAC caching authentication, I would use the RoleID number and not the TIPS role.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: