HI Vic.
thanks for your response, let me firt this is my first experience with clearpass, I configure the SERVICE with ONBOARD wizard, this wizard generate 3 services.
I understand the last ONBOARDING provisioning is the service that send back the User-role to the controller, I think I must clone this last one profile and make it changes.
I´ve already configure the dhcp relay in the controller vlan1 to clearpass dhcp broadcast.
let me show you in order what I did with images.
firts I create a test user : galeman with role : SISTEMAS and SISTEMAS-DEP attribute
Then I created a Role Mapping like this one. ( at this point it was missing endpoint repository like a Authorization source in the service ) . now I add endpoint repository like a authentication source
this Role mapping was added to ONBOARDING post-provisioning service.
the enforcement policy used her is the default generated by the wizard.
the enforcement policy generated by the wizard is this one
the allow access profile is just a RADIUS-ACEPT and WIIMAS-ONBOARD post provisioning
send back the autenticated role to the controller.
the other enforcement profile.
I understand that role mapping and posture define the enforcement policy and this last one is defined by enforcement profile.
about the answer you sent fabian about the rules, I think I must generate a new enforcement profile with the rules like yours, is correct ? , If you see something wrong let me know. please any advice will be wellcome.