Security

Reply
Valued Contributor I

Role mappping - using a previously defined Role to generate another one

In a role mapping file I've got an entry that defines whether a client endpoint is an allowable airgroup device and assign a locallly defined roll to it of "Airgroup Shared Device" ( see below ) 

and have set up an equivalent for games consoles.

 

I'm setting up a WPA2-PSK network only for either "Airgroup Shared Devices" or "Game Consoles" and want to create a Role called "UoY PSK Device" where the logic is 

 

if (Radius:Aruba:essid = "airgroups-psk" AND ( Role=Airgroup Shared Device OR Role="Game Console") )Then assign role " UoY PSK Device"

 

Can I create the above ? in a Role mapping file that also defines the OR components?

 

Failing that, could I do

if (Radius:Aruba:essid ="airgroups-psk" AND Role=Airgroup Shared Device) then .... 

 

and repeat it for games consoles.

 

Role mapping entries only seem to be if and..and..and... or IF...or...or

 

Rgds

Alex

 

44.(Authorization:[Endpoints Repository]:Device Name  CONTAINS  Apple TV) 
OR  (Authorization:[Endpoints Repository]:OS Family  CONTAINS  Chromecast) 
OR  (Authorization:[Endpoints Repository]:OS Family  CONTAINS  Roku) 
OR  (Authorization:[Endpoints Repository]:Device Name  EQUALS  Amazon FireTV) 
OR  (Authorization:[Endpoints Repository]:OS Family  CONTAINS  Sonos) 
OR  (Endpoint:UoY_Airgroup_Shared_Server_Device_v2  EQUALS  true) 
OR  (Authorization:[Endpoints Repository]:OS Family  EQUALS  Solstice) 
OR  (Authorization:[Endpoints Repository]:Device Name  EQUALS  Amazon Echo)

 

Valued Contributor I

Re: Role mappping - using a previously defined Role to generate another one

ok. found the "belongs to statement" so i can build if ssid=... and client belongs to < list of categories or devicve types> which will do

A

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: