Security

last person joined: 18 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass + Aruba IAP WLAN + allow only the specified username + account pairs

Jump to Best Answer
  • 1.  Clearpass + Aruba IAP WLAN + allow only the specified username + account pairs

    Posted Oct 07, 2019 06:28 AM

    Hi, We are building a test device WLAN.

     

    It would be great if we could allow only the specified device+username pairs. I mean, if the account is X and device is Y, the connection to the WLAN is allowed. But if the device is something else with the account X, the connection is not allowed.

     

    I was thinking that I would create a device with an attribute 'username' and match 'Device:username' to the username provided in RADIUS packets, but I couldn't find a way to do this.

     

    Clearpass 6.8 is used here, authentication against AD and Aruba IAPs as Access Points.

     

    Any thoughts?



  • 2.  RE: Clearpass + Aruba IAP WLAN + allow only the specified username + account pairs
    Best Answer

    Posted Oct 07, 2019 06:36 AM

    Your enforcment policy should look like this

    Screen Shot 2019-10-07 at 4.04.24 PM.png



  • 3.  RE: Clearpass + Aruba IAP WLAN + allow only the specified username + account pairs

    Posted Oct 07, 2019 06:38 AM

    Hi,

    Oh, didn't know that I can access those as %variables% in the rules.

     

    Thanks! I'll give it a try, and it may be just what we need. At least it seems to be suitable in theory. :)

     

    -Olli