Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Aruba Mobility controllers and Downloadable User Roles

This thread has been viewed 33 times

  • 1.  Aruba Mobility controllers and Downloadable User Roles

    Posted Jul 22, 2020 03:00 PM

    So far i've got DUP working on 2930 switches and DUR working on  an Aruba Instant cluster

     

    For an MD controller, is it the same as for an Instant cluster ? do I just tick the download clearpass role box in the appropriate profile ? and send back the following for example ...

     

    Radius:ArubaAruba-CPPM-Role=

    wlan access-rule eduroam-visitor-dur
    rule 192.168.1.152 255.255.255.255 match 17 67 68 permit
    rule 192.168.1.152 255.255.255.255 match 17 53 53 permit
    rule 192.168.1.88 255.255.255.255 match 17 53 53 permit
    rule 192.168.3.0 255.255.255.0 match any any any deny
    rule 192.168.4.0 255.255.255.0 match any any any deny
    rule 192.168.222.0 255.255.255.0 match any any any deny
    rule any any match any any any permit log

     



  • 2.  RE: Aruba Mobility controllers and Downloadable User Roles

    EMPLOYEE
    Posted Jul 22, 2020 03:27 PM

    Hi,

     

    I am assuming you want to do DUR directly from controller and not part of a dynamic secondary user role

    In this case, please follow this link (I know screenshots are based on AOS 6 but the same logic applies)

    https://community.arubanetworks.com/t5/Controller-Based-WLANs/Downloading-an-undefined-role-from-ClearPass-to-Controller/ta-p/243661

     

    If you want to do DUR for both switch role and controller role, I suggest you watch this video https://www.youtube.com/watch?v=SCF6cgooh28