Hi, We are building a test device WLAN.
It would be great if we could allow only the specified device+username pairs. I mean, if the account is X and device is Y, the connection to the WLAN is allowed. But if the device is something else with the account X, the connection is not allowed.
I was thinking that I would create a device with an attribute 'username' and match 'Device:username' to the username provided in RADIUS packets, but I couldn't find a way to do this.
Clearpass 6.8 is used here, authentication against AD and Aruba IAPs as Access Points.
Your enforcment policy should look like this
Oh, didn't know that I can access those as %variables% in the rules.
Thanks! I'll give it a try, and it may be just what we need. At least it seems to be suitable in theory. :)
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.