If there are no differentiating attributes in the RADIUS request, I think you can select authentication servers per profile, and in the authentication server set the NAS-ID, which you can use to select the service or use in your evaluation/enforcement.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Sep 14, 2022 02:57 PM
From: Mark Coelho
Subject: VIA VPN radius flags
Attempting to add a new service to Clearpass that uses Duo MFA. In the short term, goal is to target a specific VPN profile. But I'm having trouble figuring out what RADIUS rules to implement to sort VIA VPN profile authentication attempts as they come in.
There are no Aruba:VIA radius attributes I can find, and I'm not sure what IETF attribute would apply, nor how I'd configure it so the profiles are unique controller-side.
WiFi is easy: just target the SSID. The VPN is giving me more difficulty. Annoyingly, I can find plenty of guides for doing it with a Cisco ASA as my VPN concentrator.