Wireless Access

Reply
New Contributor
Posts: 2
Registered: ‎02-08-2016

block account based on AP group

So I have a 7240 and Clearpass for RADIUS on the K12 network I administer. I have all of my buildings APs in AP groups. Some of the building have a generic login that younger students use to login. I would like to make it so each buildings generic account can only be logged in if they are associated with that buildings AP group. I am sure this is something Clearpass can do but am unsure how. Thanks for any help.

MVP
Posts: 4,225
Registered: ‎07-20-2011

Re: block account based on AP group

You can create a role mapping based on the Aruba attribute Aruba-AP-Group:
Aruba : Aruba-AP-Group : ClearPass TIPS Role (Building Name / AP-GROUP)


And then on your enforcement policy you can use that in your logic:

- Tips > role equals ClearPass TIPS Role (Building Name / AP-GROUP)

- Authentication > Full-Username equals Generic Account
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: