Security

Reply
New Contributor
Posts: 2
Registered: ‎05-13-2014

clearpass: allow users according to the building

Hello,

I'm trying to configure the clearpass to allow the students (in the schools) and the guests (in some buildings with public rooms).

I don't want that the guests can login in the schools (and the students in the public building).

 

My rule mapping

Role ID equals 1 : student

Role ID equals 2 : guest

 

I configured in clearpass the network devices of the different buildings with different radius shared secret and different location attribute.

 

Now I'm not able to block the user if isn't in the right buildings.

 

Thanks

Best regards 

 

 

Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: clearpass: allow users according to the building

If you have an AP group per building (my recommendation), you can use "RADIUS:Aruba:Aruba-AP-Group" value in your policy.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 2
Registered: ‎05-13-2014

Re: clearpass: allow users according to the building

Thank you Tim,

Can you explain me better? 

I dont understand how can help me to block some users in some buildings.

Thanks

 

 

Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: clearpass: allow users according to the building

The easiest thing to do would be to duplicate your service and add the AP-group name(s) as a service rule and then put this service higher than the other one. 

 

Then you can have custom enforcement actions for people connecting in those buildings.

 

service-rule-ap-group.PNG


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: