Security

Hi,


My environment  is instant-on using Radius authentication with clearpass integrated with AD.

It's working now by log-in SSID with AD user.

Now,I understand how role,role mapping work with Clearpass and mobility controller/IAP.So, The controller can be assign another VLAN where role mapped.

My question is How can I assign vlan mapping without mobility controller/IAP on my network?

Anything I can do with my instant-on and clearpass without mobility controller/IAP?

------------------------------
purinut chuparn
------------------------------

Hi,

What firmware release do you have on the IAP ?

There is parameter to enable Download User Role on IAP or you can send directly a user role with clearpass via VSA

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281
------------------------------

Original Message:
Sent: Feb 06, 2021 10:50 PM
From: purinut chuparn
Subject: Clearpass role without mobility controller/IAP

Hi,


My environment  is instant-on using Radius authentication with clearpass integrated with AD.

It's working now by log-in SSID with AD user.

Now,I understand how role,role mapping work with Clearpass and mobility controller/IAP.So, The controller can be assign another VLAN where role mapped.

My question is How can I assign vlan mapping without mobility controller/IAP on my network?

Anything I can do with my instant-on and clearpass without mobility controller/IAP?

------------------------------
purinut chuparn
------------------------------

Hi alagoutte,

Thanks for your answer. But As I mentioned I do not have any IAP/MC. I do have only Aruba Instant On.

------------------------------
purinut chuparn
------------------------------

Original Message:
Sent: Feb 08, 2021 03:38 PM
From: Alexis La Goutte
Subject: Clearpass role without mobility controller/IAP

Hi,

What firmware release do you have on the IAP ?

There is parameter to enable Download User Role on IAP or you can send directly a user role with clearpass via VSA

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281

Original Message:
Sent: Feb 06, 2021 10:50 PM
From: purinut chuparn
Subject: Clearpass role without mobility controller/IAP

Hi,


My environment  is instant-on using Radius authentication with clearpass integrated with AD.

It's working now by log-in SSID with AD user.

Now,I understand how role,role mapping work with Clearpass and mobility controller/IAP.So, The controller can be assign another VLAN where role mapped.

My question is How can I assign vlan mapping without mobility controller/IAP on my network?

Anything I can do with my instant-on and clearpass without mobility controller/IAP?

------------------------------
purinut chuparn
------------------------------

for me, it is not possible

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281
------------------------------

Original Message:
Sent: Feb 09, 2021 09:02 PM
From: purinut chuparn
Subject: Clearpass role without mobility controller/IAP

Hi alagoutte,

Thanks for your answer. But As I mentioned I do not have any IAP/MC. I do have only Aruba Instant On.

------------------------------
purinut chuparn

Original Message:
Sent: Feb 08, 2021 03:38 PM
From: Alexis La Goutte
Subject: Clearpass role without mobility controller/IAP

Hi,

What firmware release do you have on the IAP ?

There is parameter to enable Download User Role on IAP or you can send directly a user role with clearpass via VSA

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281

Original Message:
Sent: Feb 06, 2021 10:50 PM
From: purinut chuparn
Subject: Clearpass role without mobility controller/IAP

Hi,


My environment  is instant-on using Radius authentication with clearpass integrated with AD.

It's working now by log-in SSID with AD user.

Now,I understand how role,role mapping work with Clearpass and mobility controller/IAP.So, The controller can be assign another VLAN where role mapped.

My question is How can I assign vlan mapping without mobility controller/IAP on my network?

Anything I can do with my instant-on and clearpass without mobility controller/IAP?

------------------------------
purinut chuparn
------------------------------

Instant On is an SMB product and is not designed to be used with an enterprise policy engine like ClearPass Policy Manager. 

You can try using a generic VLAN enforcement profile, but no guarantee it will work.

------------------------------
Tim C
------------------------------

Original Message:
Sent: Feb 06, 2021 10:50 PM
From: purinut chuparn
Subject: Clearpass role without mobility controller/IAP

Hi,


My environment  is instant-on using Radius authentication with clearpass integrated with AD.

It's working now by log-in SSID with AD user.

Now,I understand how role,role mapping work with Clearpass and mobility controller/IAP.So, The controller can be assign another VLAN where role mapped.

My question is How can I assign vlan mapping without mobility controller/IAP on my network?

Anything I can do with my instant-on and clearpass without mobility controller/IAP?

------------------------------
purinut chuparn
------------------------------