Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

AAAServer rule

  • 1.  AAAServer rule

    Posted Oct 31, 2013 04:37 AM


    aaa server-group "POC-RADIUS-Group-2"
    auth-server IITB_RADIUS
    set vlan condition Filter-Id contains "CC" set-value 20
    set vlan condition Filter-Id contains "CHE" set-value 30
    set vlan condition Filter-Id contains "CSE" set-value 40


    aaa server-group "POC-RADIUS-Group-2"
    auth-server IITB_RADIUS
    set vlan condition Callback-Id contains "CC" set-value 20
    set vlan condition Callback-Id contains "CHE" set-value 30
    set vlan condition Callback-Id contains "CSE" set-value 40

    But in both scenarios the user connects to the VLAN configured in the VAP instead of the server rule VLAN.

    Requesting help to configure the server rule.

    Regards,

    Jayesh



  • 2.  RE: AAAServer rule

    Posted Oct 31, 2013 07:16 AM

    What platform is your RADIUS server running on? Have you double-checked its configuration to ensure it is sending the right attribute back to the controller?



  • 3.  RE: AAAServer rule

    Posted Oct 31, 2013 10:53 AM

    Recommend:

    a) Look at the RADIUS logs (if you are using ClearPass, look at Access Tracker) to determine what's coming up and going back to the controller.

    b) Turn on RADIUS/AAA debug on the controller and watch the transaction. Role derivation will be visible there (or lack thereof).

    JF
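
The check the replies suggest, as an added example that is not part of the original thread: parse the attributes carried in a RADIUS Access-Accept and evaluate the Filter-Id rules from the first post against them, which shows why a missing or different attribute leaves the user on the VAP VLAN. Assumptions: rules are evaluated in order with the first match winning, `contains` is a case-sensitive substring test, and the function names, the VAP VLAN 10 and the sample packets are constructed for illustration.

```python
import struct

# RADIUS attribute type numbers from RFC 2865
ATTR_TYPES = {11: "Filter-Id", 20: "Callback-Id"}

# Filter-Id rules from the first post: (attribute, substring, VLAN)
RULES = [("Filter-Id", "CC", 20), ("Filter-Id", "CHE", 30), ("Filter-Id", "CSE", 40)]

def parse_attributes(packet: bytes) -> dict:
    """Return {attribute name: [values]} for the attributes in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20  # attributes start right after the header
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute length")
        name = ATTR_TYPES.get(a_type, f"type-{a_type}")
        value = packet[pos + 2:pos + a_len].decode("utf-8", "replace")
        attrs.setdefault(name, []).append(value)
        pos += a_len
    return attrs

def derive_vlan(attrs: dict, rules: list, vap_vlan: int) -> int:
    """Assumed semantics: first matching rule wins; no match keeps the VAP VLAN."""
    for attr, needle, vlan in rules:
        if any(needle in v for v in attrs.get(attr, [])):
            return vlan
    return vap_vlan

def build_accept(attr_pairs) -> bytes:
    """Constructed sample Access-Accept (code 2) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attr_pairs)
    return struct.pack("!BBH", 2, 1, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    VAP_VLAN = 10  # constructed value standing in for the VLAN set on the VAP
    samples = [("Filter-Id sent", build_accept([(11, b"CSE-students")])),
               ("no Filter-Id", build_accept([(18, b"welcome")])),
               ("Callback-Id only", build_accept([(20, b"CSE")]))]
    for label, pkt in samples:
        attrs = parse_attributes(pkt)
        print(label, attrs, "-> VLAN", derive_vlan(attrs, RULES, VAP_VLAN))
```

The second and third samples fall through to the VAP VLAN because the attribute named in the rules is absent from the reply, which is the condition the RADIUS logs or controller debug would reveal.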