Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

authenticate clearpass using OU and assign VLAN

  • 1.  authenticate clearpass using OU and assign VLAN

    Posted Dec 22, 2016 09:12 AM

    Hi experts

     

    We're trying to assign a VLAN based on OU rather than group membership. Like if the computer is in one of these OUs - assign VLAN 100

    if not - go with VLAN 50

    It's okay using this with groups, but OUs - needing a new attribute added?



  • 2.  RE: authenticate clearpass using OU and assign VLAN

    EMPLOYEE
    Posted Dec 22, 2016 09:14 AM

    You can use UserDN ENDS_WITH in your AD/LDAP authorization source.



  • 3.  RE: authenticate clearpass using OU and assign VLAN

    Posted Sep 28, 2018 01:36 PM

    Hi Tim, can you explain that a bit more, perhaps with a screenshot of a rule?  "UserDN ENDS_WITH"    then what?

    I saw UserDN as an authorization attribute, but couldn't seem to get anything to act on it since it appears to not be sending anything

    Authorization:BPS_LDAP:UserDN

    What I'd like to act on is the top level OU (in this case BPS Computers) as a catch-all for domain machines, i.e.

    Authorization:BPS_LDAP:memberOf  EQUALS  BPS Computers

    But I'm not sure if I have to add that to the attribute filter set in the Auth sources?
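
The suffix match suggested in reply 2, sketched as an added illustration that is not part of the thread and is not ClearPass configuration: an object's OU appears only in its distinguished name (memberOf lists group DNs), so OU placement is tested by comparing the trailing DN components. The `DC=example,DC=com` domain, the sample DNs and the function names are constructed assumptions; VLAN 100 and 50 come from the original question.

```python
# Illustration only: component-wise "DN ends with OU" check and VLAN choice.
# The domain components and sample DNs below are constructed.
OU_SUFFIXES_VLAN_100 = ["OU=BPS Computers,DC=example,DC=com"]
DEFAULT_VLAN = 50


def split_dn(dn):
    """Split a DN into normalised (attribute, value) pairs.

    Commas escaped with a backslash stay inside their component.
    Hex escapes such as \\2C are not decoded in this sketch.
    """
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    rdns = []
    for part in parts:
        attr, _, value = part.partition("=")
        # AD compares these names case-insensitively; ignore padding too.
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def dn_in_ou(dn, ou_suffix):
    """True if the object sits somewhere below ou_suffix in the directory tree."""
    obj, ou = split_dn(dn), split_dn(ou_suffix)
    return len(obj) > len(ou) and obj[-len(ou):] == ou


def vlan_for(dn):
    """VLAN 100 for objects under a listed OU, otherwise the default VLAN."""
    if any(dn_in_ou(dn, suffix) for suffix in OU_SUFFIXES_VLAN_100):
        return 100
    return DEFAULT_VLAN
```

Comparing whole components rather than raw strings keeps a sibling such as `OU=Old BPS Computers` from matching and tolerates case or spacing differences in the returned DN.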