last person joined: an hour ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

Downloadable User Role Tunnel and non tunnel configuration

  • 1.  Downloadable User Role Tunnel and non tunnel configuration

    Posted Aug 24, 2020 08:47 PM



    My scenario,


    User Connects to the LAN Switchport with vanil laptop. They should be able to tunnel to the controller to onboard thier laptop with company policy via Microsoft server. 


    Once their onboard is done they should be move back to the corporate network which is locally switched. 



    Aruba switch : 2930F

    Aruba controller

    ClearPass server.


    I have applied following


    Inital role :  Guest role with tunnel to controller

    User role: Corp which is locally switched.


    Working : Fine


    New task to make this both downloadable from clearpass.


    My logic


    Create a DUR role Corp and Guest onthe ClearPass.

    Apply to teh profile where If user pass authentication then use Corp role which is locally switched and if user faile the authentication then user Guest Role which shold tunnel to the controller.


    My qustion:


    What determines on Clearpass which role should be tunneled and which role should be locall switched?


    as on the switch speicific role which is working I have define following


    aaa authorization user-role name "Guest-LUR"
    vlan-id 3650
    tunneled-node-server-redirect secondary-role "authenticated"


    and key word is tunneld-node-server-redirect .. I don't know how to do that on clearpass. 


    Can someone please guide  me how the logic wil be implemented on clearpass so I can achive this?


    Thank you,

    Nilay Vyas.