12-09-2015 04:43 AM
Hi , clearpass policy will override the police defined in user role on the controller, is it correct? Anyone can advise, thanks.
Solved! Go to Solution.
12-09-2015 04:50 AM
12-09-2015 05:01 AM
Hi Tim, thanks for your kind reply. Here the user role , you mean the initial role or 802.1x role, we are using authentication WPA2, encryption AES, clearpass for authentication.
AAA profile like below
initial role: logon
802.1x role: deny
(role "deny" configured on controller, but on clearpass allow all)
12-09-2015 05:18 AM
12-09-2015 05:24 AM
If I defined initial role "guest" and policy on the controller, then still configure clearpass as authenticator. Like this, will use guest policy (firewall rule) defined on the controller, right?
12-09-2015 05:54 AM
Yes, the role returned by Clearpass - if any - will determine the role the client get.
Normally you do this by returning a Radius:IETF:Filter-ID or Radius:Aruba:Aruba-User-Role (Radius-CoA).
The role returned has to exist on the Controller
If CoA - you need to have configured RFC-3756 in the AAA profile..
-ACMX #316 :: ACCP-
Intelecom - Norway
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
12-09-2015 05:58 AM