Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

assigning variables to filter-id

This thread has been viewed 3 times

  • 1.  assigning variables to filter-id

    Posted Jul 11, 2016 11:22 AM

    Hi,

     

    I'm currently trying to send accounting info to our firewall including the filter-id option for group assignment, but the format it is using is causing me issues. If i put a fixed text string in everything works fine, but as soon as it returns multiple groups dynamically it fails.

    As a workaround solution i was wondering if i could assign a clearpass variable, specifically 'Aruba-user-role' into the filter-id as i know this will only assign one string and should be a viable alternative.

     

     

    thanks.



  • 2.  RE: assigning variables to filter-id

    Posted Jul 14, 2016 11:39 AM

    Well it turns out thats a No. I've tried various solutions over the past few days including writing custom attributes into the end point database, but for some reason accounting does not seem to be able to read any attributes other than those pulled from AD, even the ones in the list of choices under filter-ID. packet captures show they are either sent through blank or invalid.

    Putting a custom attribute in AD seems to be a workable solution to my problem.