Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass Policy Manager roles/role mapping verses ArubaOS user roles

This thread has been viewed 3 times

  • 1.  ClearPass Policy Manager roles/role mapping verses ArubaOS user roles

    Posted Jul 08, 2012 10:02 PM

    Hi, I have a green fields ClearPass Policy Manager install and an existing Aruba WLAN that needs better security all round. ClearPass will be introducing 802.1X/EAPTLS/RADIUS and the existing ArubaOS needs better user role definition around employee types that have different VLAN separation and firewall policies.

    Reading through the manuals its "seems" like I have two choices with creating roles as both policy manager and controller which leads me to the questions:

    1. Which is best to use?

    2. Can I use both together for wireless access?- for example combine:

             a.  AD wireless group/department group member using Policy Manager along with

             b. A role in controller

    Thanks!

     



  • 2.  RE: ClearPass Policy Manager roles/role mapping verses ArubaOS user roles
    Best Answer

    Posted Jul 08, 2012 10:13 PM

    Roles created on the CPPM are communicated to the Controller for policy implementation.   So you need the same roles in both places...

     

    The roles on the CPPM are a result of authentication workflows and rule-sets,  and the roles reside on the controller to actually-carry-out the seperation and security aspects (be they policies, or yes VLANs too) -after- CPPM roles have been derived for each user/device/user-device combination.

     

    JF