Probably this question have been addressed previously.
I would like to provide a different role and vlan to student based on AP-Group on the same SSID.
Basically if the student is in the classroom = Student Role
Student is now at the dorms = Studentdorm Role
This way i can provide a different vlan addressing and firewall policies to students on campus.
On clearPass the long way to do this is the create a separate service and then match the incoming request on ap-group but then you have to create a new enforcement profile and push the roles. (Duplicate work)
Can i do this within one Clearpass service configuration and do the classification on the enforecment profile? if so how?
Currently i have Clearpass 802.1x service configurated matching the SSID then the enforecment profile based on AD membership groups. The problem is that on AD all campus student fall wihin the same group. So i need to find another way to differentiate a student in the classroom vs a student in the dorms.
Thank you
Nils.