06-14-2013 10:48 AM
We have Clearpass Guest and am trying to force clerapass to change the VLAN once the User is Authenticated (same SSID). I can see that in the Output the New VLAN ID is passed back but doesn't seem to make a difference and the IP address is not changed.
Is this possible? Ifo so, what am I doing wrong?
06-14-2013 10:56 AM
I could be wrong about this, but I don't think the change of VLAN's will work without a client first diconnecting then reconnecting.
For our Onboard we are using two different SSID's and we are able to move users between VLAN's (from provisioning VLAN to BYOD VLAN) without an issue. But in this situation the client gets disconnected then is reconnected.
Is there any specific reason you don't want to leave your Guests in the same VLAN?
You can leave them in the same VLAN but just have two different roles, an unauthorized role and an authorized role.
06-14-2013 11:38 AM
You would need to add an enforcement policy with a RADIUS Change of Authorization which will disconnect them allowing them to reconnect in the new VLAN assigned in the policy.
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP