Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Monitoring user role authentication

This thread has been viewed 4 times

  • 1.  Monitoring user role authentication

    Posted Aug 21, 2018 09:16 AM

    Hi,

    I recently implemented applying different user roles for client authentication in clearpass and controller, is there a way to monitor/track client authentions and displaying appropriate role against their authentication instead of drilling into user output on the controller or clearpass.



  • 2.  RE: Monitoring user role authentication

    EMPLOYEE
    Posted Aug 21, 2018 09:53 AM
    Where are you looking to see this?


  • 3.  RE: Monitoring user role authentication

    Posted Aug 21, 2018 10:21 AM

    In airwave, or aruba controller, what would you recommend?



  • 4.  RE: Monitoring user role authentication

    EMPLOYEE
    Posted Aug 21, 2018 10:41 AM
    The role is visible in both already.


  • 5.  RE: Monitoring user role authentication

    Posted Aug 21, 2018 11:01 AM

    I created a couple of new roles, but they don't seem to be on the list In airwave or controller. Is there a way admins can get an alert when a role is no longer applied after user authentication?



  • 6.  RE: Monitoring user role authentication

    EMPLOYEE
    Posted Aug 21, 2018 11:22 AM

    Where did you create these roles?  Only user debugging on the controller will reveal a user being assigned a default role, because the role passed does not exist.



  • 7.  RE: Monitoring user role authentication

    Posted Aug 21, 2018 11:57 AM
      |   view attached

    In Clearpass and controller. On the controller- dashboard- client link it shows a list of users and one of the column shows the role you will notice it got just three of the 8 user roles created on display,( authenticated, guest and uswitc..AN_Role) I would like to see a display of the appropriate roles applied to users. see attached file.

    As I intend putting it up on the dashboard using airwave.

    Attachment(s)

    docx
    Demo.docx   64 KB 1 version


  • 8.  RE: Monitoring user role authentication

    EMPLOYEE
    Posted Aug 21, 2018 12:09 PM

    There is no direct correlation between the roles in clearpass and the user roles in the controller.  Users get a default role in the controller unless you send a Aruba-User-Role attribute in an enforcement profile on ClearPass to the controller specifying the role you want users to get.  Again, the roles in Clearpass are for ClearPass' own logic and do not directly correlate to roles in the controller.



  • 9.  RE: Monitoring user role authentication

    Posted Aug 21, 2018 06:01 PM

    Yes, I did set an Aruba-User-Role attribute in an enforcement profile on ClearPass to the controller specifying the role I want users to get
    it all works, but am exploring a means to display information showing list of authenticated users with the appropriate custom role applied in own column when the controller is clicked on in airwave monitoring system to view connected devices currently, the role column just shows authenticated, even though the custom user-role is applied.



  • 10.  RE: Monitoring user role authentication

    EMPLOYEE
    Posted Aug 21, 2018 06:30 PM

    That column in Airwave should only have the user's current role, whatever it is.  Please open a TAC case to make sure you have not run into a bug:

    http://www.arubanetworks.com/support-services/support-program/contact-support