Original Message:
Sent: Aug 05, 2024 12:49 PM
From: thiyagi
Subject: About User's Role in ClearPass Policy Manager
I understand. The easiest way to do this would be to create a Network Device Group under Configuration --> Network --> Device Groups based on the Department names and move the corresponding network devices into this group. You can then use the Connection:Src-IP-Address BELONGS_TO_GROUP <GROUP NAME> in the role mapping rules or enforcement conditions to move the clients to the appropriate role.
Let me know if this doesn't work and I'll check if there is an alternative.
Regards,
Thiyagarajan Palanisamy
Original Message:
Sent: Aug 05, 2024 11:42 AM
From: Ha Tran
Subject: About User's Role in ClearPass Policy Manager
Yes, we divide and identify departments based on the IP pool, so I need to use this parameter to assign the Endpoint to its correct Roles. The issue arises when the network admin wants to split the pool into /25 and /26 as I mentioned above.
Original Message:
Sent: Aug 05, 2024 11:08 AM
From: thiyagi
Subject: About User's Role in ClearPass Policy Manager
Hi,
The Connection:Src-IP-Address attribute contains the IP address of the NAD device (switch or WLC) to which the user is connecting/authenticating. Are you sure this is the value you would like to base your decision on?
Regards,
Thiyagarajan
Original Message:
Sent: Aug 04, 2024 10:00 AM
From: Ha Tran
Subject: About User's Role in ClearPass Policy Manager
Hi Herman,
How can i mapping role for user with IP Pool ?
In mapping rule editor i can mapping rule with Connection-Src-IP-Address - contains -- x.x.x. to Role Test. But it's only work with subnet mask 24.
I need to mapping role with smaller subnet, for example:
User A with : Connection - Src-IP-Address 192.168.100.10 to Role TEST1.
User B with : Connection - Src-IP-Address 192.168.100.101 to Role TEST2.
How can i do it, please guide me, tks!
Original Message:
Sent: Jul 10, 2024 05:47 AM
From: Herman Robers
Subject: About User's Role in ClearPass Policy Manager
Yes, you can do that:
Screenshot is from a video that shows how to configure everything: video 1 (screen shot is from video 3 on Onguard).
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Jul 09, 2024 11:21 AM
From: Ha Tran
Subject: About User's Role in ClearPass Policy Manager
Can ClearPass Policy Manager dynamically calculate User 1's Role based on Health-Check results?
For example: We need user with Tips: Posture equal Healthy mapping at role Full_Access and when this user violates the policy, meaning the posture result is Quarantine, they should be mapped to the Deny role.