Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Authentication for role assignment flow chart

  • 1.  Authentication for role assignment flow chart

    Posted Sep 26, 2017 11:57 AM

    For lack of a better term, I'd like to know if anyone has a handy flow chart for authentication, i.e., VSAs trump other authentication for role assignment. I'm building my notes for my ACMP exam and I want to nail authentication.

    I've been looking but cannot find a solid chart or graphic or document showing what has precedence over something else.

    Anyone able to help with this?



  • 2.  RE: Authentication for role assignment flow chart

    EMPLOYEE
    Posted Sep 26, 2017 12:01 PM

    Is your question on how the controller handles RADIUS responses or how ClearPass makes policy decisions? 



  • 3.  RE: Authentication for role assignment flow chart

    Posted Sep 26, 2017 12:07 PM

    I guess the part I'm most tripped up on is the following:

    When going from a basic AAA profile and the default 802.1X role, how does the controller discern if a client is going to get either the default Machine role or the default User role?

    I've taken the exam a couple of times and been confused by this. I did boot camp, and wouldn't you know I rolled an unbelievable insomnia week the week of the course and some parts are foggy.

    I understand enforce machine authentication plays a role here, but I'm still not sure how the controller decides if the client is going to get the machine role or the user role. I realize that the machine role is given if a user hasn't authenticated against something (say an idle machine at the Ctrl Alt Del screen). But if enforce is turned on, what takes precedence, if at all?

    I also understand that a VLAN Role (Trusted/untrusted port) trumps a AAA profile as well, but I'm still not 100% clear on some of this. Even a link to the appropriate page in the user guide would be helpful at this time.



  • 4.  RE: Authentication for role assignment flow chart

    EMPLOYEE
    Posted Sep 26, 2017 12:12 PM
    Machine and User at the controller level isn’t used when you’re using ClearPass. The role is directly returned by ClearPass. If no role is returned, the AAA profile default 802.1X role is assigned.


  • 5.  RE: Authentication for role assignment flow chart

    Posted Sep 26, 2017 12:13 PM

    I'm not talking about ClearPass... Sorry if I'm in the wrong forum, but I don't believe ClearPass factors into the ACMP 6.4 Exam.



  • 6.  RE: Authentication for role assignment flow chart
    Best Answer



  • 7.  RE: Authentication for role assignment flow chart

    Posted Sep 26, 2017 12:23 PM

    I've read that and it helps. I've also just found the following document.

    https://community.arubanetworks.com/aruba/attachments/aruba/unified-wired-wireless-access/63564/1/Role-Derivation.pdf

    This is going to help me too. This exam is tough, and resources are at times very difficult to come across.

    As noted, I'm just trying to cram as much info about it all into my head. I don't wanna fail again.