Security

Reply
BBB
Occasional Contributor II
Posts: 12
Registered: ‎02-06-2012

Use Clearpass to change Vlan Device in

We have Clearpass Guest and am trying to force clerapass to change the VLAN once the User is Authenticated (same SSID).  I can see that in the Output the New VLAN ID is passed back but doesn't seem to make a difference and the IP address is not changed.

 

Is this possible?  Ifo so, what am I doing wrong?

 

 

Super Contributor II
Posts: 397
Registered: ‎09-05-2012

Re: Use Clearpass to change Vlan Device in

Hey,

 

I could be wrong about this, but I don't think the change of VLAN's will work without a client first diconnecting then reconnecting.

 

For our Onboard we are using two different SSID's and we are able to move users between VLAN's (from provisioning VLAN to BYOD VLAN) without an issue. But in this situation the client gets disconnected then is reconnected.

 

Is there any specific reason you don't want to leave your Guests in the same VLAN?

 

You can leave them in the same VLAN but just have two different roles, an unauthorized role and an authorized role.

Guru Elite
Posts: 8,781
Registered: ‎09-08-2010

Re: Use Clearpass to change Vlan Device in

You would need to add an enforcement policy with a RADIUS Change of Authorization which will disconnect them allowing them to reconnect in the new VLAN assigned in the policy.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: