Hi there,
I have a client who has a use case that I have never encountered before. They are authenticating both machine and users via certificates to ClearPass (EAP-TLS) and AD.
When a machine boots up and connects to the SSID, it dynamically gets pushed a VLAN ID via the 'Aruba-User-Vlan' Attribute in the ClearPass Enforcement Profile. The VLAN ID is determined by the AD computer group they are a member of. This works fine.
When the user logs in to the machine (and connects to the same SSID), my client wants to keep the IP address that the machine received upon it's initial boot, and not obtain a new IP address when the user logs in.
I have removed the VLAN assgnment from clearpass for all users, but they still get put in to the VLAN ID that the SSID on the Mobility Controller is assigned to.
I can't see a way where this is possible. Any ideas?
-Brett