12-17-2014 03:16 AM
New to Aruba, coming from Cisco... I have 1 SSID, for example WIFI, and I want the corporate employees and guests to connect to this SSID. Whatever authentication happens, it will be sent to the Clearpass box, and based on the user credentials Clearpass will put the user in the right VLAN.
And based on that, the Aruba controller will do the routing. I tried to look for help on the internet, but I was not content... Is there any document that walks you step by step through how to do it, or can someone explain it to me?
Appreciate your help and support.
12-17-2014 04:59 AM
I can help you on this,
Here, for any authenticated user a role should be assigned, and the user traffic will be controlled according to the policy (firewall policy) mapped to that role.
In Aruba we can assign a role in 2 different ways:
1. Through AAA profile: dot1x default role
2. Through server (Clearpass or any other server), generally called SDR or VSA
Priority will be given to SDR/VSA; if SDR is not configured, the user will be mapped to the role configured in the AAA profile (dot1x authentication default role).
If SDR is configured, the authenticated user will be assigned the role returned by the server.
Here the server will return the role name (it can return a VLAN also), and we should ensure that the role is defined in the controller (to create customised roles, the controller should have the PEFNG license installed).
We can configure SDR as shown below:
Here, as per the matching condition, the user will be assigned to a role (or a VLAN).
How to create a roles and policies in Aruba controller :
Ways of assigning Role to an Authenticated user :
What is the flow of role assignment :
How to configure SDR ( Server derived Role ) :
In order to achieve the above, we should have configured the server properly, which is very similar to Cisco :)
Hope you got some idea.
Please feel free to come back if any further help is needed on this.
[Did my post help you? Give Kudos :)]
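The role-assignment order described in the reply above, as an added example that is not part of the original thread and is not Aruba or ClearPass code. It models server-derived rules taking priority over the AAA profile default role, and audits for rules that hand out a role the controller does not define. The role names, the `Filter-Id` values, first-match rule order and the fallback to the default role for an undefined role are assumptions of this model.

```python
# Added example: a model of the role-assignment order described in the post.
# Role names, attribute values and rules are constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One server-derivation rule: RADIUS attribute match -> controller role."""
    attribute: str
    value: str
    role: str

def derive_role(radius_attrs, rules, controller_roles, default_role):
    """Return (role, source) for one authenticated user."""
    for rule in rules:  # assumption of this model: first matching rule wins
        if radius_attrs.get(rule.attribute) == rule.value:
            if rule.role in controller_roles:
                return rule.role, "server-derived"
            # Assumption of this model: a role the controller does not
            # define cannot be applied, so the AAA default role is used.
            return default_role, "default (derived role undefined)"
    return default_role, "default"

def undefined_roles(rules, controller_roles):
    """Roles the rules can hand out that the controller does not define."""
    return sorted({r.role for r in rules} - set(controller_roles))

# Constructed sample data.
CONTROLLER_ROLES = {"employee", "guest", "authenticated"}
DEFAULT_ROLE = "authenticated"  # dot1x default role in the AAA profile
RULES = [
    Rule("Filter-Id", "corp", "employee"),
    Rule("Filter-Id", "visitor", "guest"),
    Rule("Filter-Id", "contractor", "contractor"),  # not defined on controller
]

if __name__ == "__main__":
    print("undefined:", undefined_roles(RULES, CONTROLLER_ROLES))
    for attrs in ({"Filter-Id": "corp"}, {"Filter-Id": "visitor"},
                  {"Filter-Id": "contractor"}, {}):
        result = derive_role(attrs, RULES, CONTROLLER_ROLES, DEFAULT_ROLE)
        print(attrs, "->", result)
```

Running the audit before go-live shows which users would silently land in the default role, so that role should carry the most restrictive firewall policy.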
12-17-2014 05:01 AM
12-18-2014 02:28 AM - edited 12-18-2014 02:33 AM
Welcome over to the bright side :)
How do you differentiate your guest users from your corporate users? Are the corporate users in their own source (Active Directory, for example) and the guest users in the Clearpass guest repository?
Or are guests and corporate users in the same authentication source and you differentiate on, for example, group membership?
Depending on this, you want to define role mapping policies and enforcement profiles that classify who's a guest and who's a corporate user and then enforce the right role/VLAN to be returned to the controller.
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP