Occasional Contributor II

Hi, ClearPass policy will override the policy defined in user role on the controller, is it correct

Hi, ClearPass policy will override the policy defined in the user role on the controller, is that correct? Can anyone advise? Thanks.

Guru Elite

Re: Hi, ClearPass policy will override the policy defined in user role on the controller, is it cor

If the user-role is defined on the controller, that role and policing will be applied.

Sent from Nine

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Hi, ClearPass policy will override the policy defined in user role on the controller, is it cor

Hi Tim, thanks for your kind reply. By the user role here, do you mean the initial role or the 802.1X role? We are using WPA2 authentication, AES encryption, and ClearPass for authentication.

The AAA profile is like below:

initial role: logon

802.1x role: deny

(role "deny" configured on controller, but on clearpass allow all)

Please advise

Thanks

Guru Elite

Re: Hi, ClearPass policy will override the policy defined in user role on the controller, is it cor

If you're sending back allow-all from the controller, then allow-all is the role the user will get.

Sent from Nine

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Hi, ClearPass policy will override the policy defined in user role on the controller, is it cor

If I define the initial role "guest" and its policy on the controller, and still configure ClearPass as the authenticator, then it will use the guest policy (firewall rule) defined on the controller, right?

MVP

Re: Hi, ClearPass policy will override the policy defined in user role on the controller, is it cor

Yes, the role returned by ClearPass - if any - will determine the role the client gets.

Normally you do this by returning a Radius:IETF:Filter-ID or Radius:Aruba:Aruba-User-Role (Radius-CoA).

The role returned has to exist on the controller.

If CoA - you need to have configured RFC-3756 in the AAA profile.

Regards
John Solberg

-ACMX #316 :: ACCP :: ACSA
Aruba Partner Ambassador
Intelecom Group - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Guru Elite

Re: Hi, ClearPass policy will override the policy defined in user role on the controller, is it cor

Yes, whatever you send back as the Aruba-User-Role will be used as long as it exists on the controller. If it doesn't exist on the controller, the default role will be used.

Sent from Nine

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Hi, ClearPass policy will override the policy defined in user role on the controller, is it cor

Thanks a lot to both of you.
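
The rule given in the replies above (a role returned by ClearPass is applied only if it exists on the controller, otherwise the default role is used), as an added example that is not part of the thread: a Python check that flags returned roles which would silently fall back. The config excerpt, profile name and role list are constructed; treating the AAA profile's `dot1x-default-role` as "the default role" and matching role names exactly are assumptions.

```python
import re

# Constructed controller config excerpt (not from the thread).
CONTROLLER_CONFIG = '''
user-role logon
user-role deny
user-role guest
user-role allow-all
aaa profile "corp-dot1x"
   initial-role "logon"
   dot1x-default-role "deny"
'''

def parse_controller(config):
    """Return (set of defined role names, {aaa profile: {setting: role}})."""
    roles, profiles, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r'user-role\s+"?([^"\s]+)"?$', line)
        if m:
            roles.add(m.group(1))
            current = None
            continue
        m = re.match(r'aaa profile\s+"?([^"]+?)"?$', line)
        if m:
            current = profiles.setdefault(m.group(1), {})
            continue
        m = re.match(r'(initial-role|dot1x-default-role)\s+"?([^"\s]+)"?$', line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return roles, profiles

def effective_role(returned_role, defined_roles, default_role):
    """Returned role wins if defined on the controller; otherwise the default role.
    Second item is True when a returned role was dropped (silent fallback)."""
    if returned_role and returned_role in defined_roles:  # exact match (assumption)
        return returned_role, False
    return default_role, bool(returned_role)

def audit(config, profile, returned_roles):
    """Map each role ClearPass may return (None = no role attribute) to its outcome."""
    roles, profiles = parse_controller(config)
    default = profiles[profile]["dot1x-default-role"]
    return {r: effective_role(r, roles, default) for r in returned_roles}

if __name__ == "__main__":
    # Constructed list of roles sent as Aruba-User-Role / Filter-ID.
    for role, (applied, fallback) in audit(
            CONTROLLER_CONFIG, "corp-dot1x", ["allow-all", "Allow-All", None]).items():
        print(f"returned={role!r:12} applied={applied!r:12} fallback={fallback}")
```

A role flagged with `fallback=True` is one whose name in the enforcement profile does not match any `user-role` on the controller, so clients would land in the default role instead.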
