Role mapping function in lab but not in production

I re-worked my role mapping in my lab where I have 3 services with 3 separate role mappings. All is good.

This is a ClearPass Guest w/ Cisco WLC (server-initiated) setup.

Initial mac-auth occurs, user is given a "pre-auth" role on CPPM.

User processes portal, is marked known, COA occurs, user comes back into the same mac auth service but is given back the same pre-auth role and not the proper role for me to push the "ACK ACL" to the controller.

I have gone through the configuration up and down to make sure it matches, service rules, policies, profiles, etc.

Is there something I might not be checking and I should...

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACCA
[If you found my post helpful, please give kudos!]

Re: Role mapping function in lab but not in production

You generally don't want to use a role mapping for a session-like attribute as it will be cached.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: Role mapping function in lab but not in production

Yes makes sense...
Hmm so I'm at a loss because in the lab this all works just fine.

The webauth modifies certain attributes on the endpoint which I check against on the next mac auth.

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACCA
[If you found my post helpful, please give kudos!]