ClearPass Radius assign different vlans based on OpenLDAP attribute

I have seen plenty of community posts and directions provided where using an Aruba VSA to an external RADIUS server you can deduce a VLAN identifier.

But what about if CPPM is the RADIUS server (not pointing to an external one) and it is talking to OpenLDAP for authentication and authorisation?


Accepted Solutions
Moderator

Re: ClearPass Radius assign different vlans based on OpenLDAP attribute

Yes. This is most deployments. 

You use role mapping to map LDAP attributes to ClearPass roles (TIPS roles), then use those TIPS roles in your enforcement policy to return a VLAN enforcement profile and/or role. 



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |
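
The two stages described in the accepted answer, as an added example that is not part of the original post and is not ClearPass code: a small Python model of role mapping (LDAP attribute to TIPS role) followed by enforcement (TIPS role to VLAN attributes). The LDAP attribute values, role names and VLAN IDs are constructed, and first-match rule evaluation and rejecting unmapped users are assumptions of this model.

```python
# Added illustration: a model of the two-stage decision, not ClearPass code.
# Attribute values, role names and VLAN IDs below are constructed.

# Stage 1: role mapping. Ordered rules, first match wins (assumed algorithm).
ROLE_MAPPING = [
    # (LDAP attribute, required value, TIPS role)
    ("memberOf", "cn=netadmins,ou=groups,dc=example,dc=org", "NetAdmin"),
    ("departmentNumber", "engineering", "Engineering"),
    ("departmentNumber", "finance", "Finance"),
]
DEFAULT_ROLE = "Unmapped"  # assigned when no rule matches

# Stage 2: enforcement policy. TIPS role -> VLAN ID of the enforcement profile.
ENFORCEMENT = {"NetAdmin": 10, "Engineering": 20, "Finance": 30}


def map_role(ldap_entry):
    """Return the TIPS role for an LDAP entry (dict: attribute -> list of values)."""
    # LDAP attributes can be multi-valued; names and values are compared
    # case-insensitively in this model.
    entry = {k.lower(): [v.lower() for v in vals] for k, vals in ldap_entry.items()}
    for attr, wanted, role in ROLE_MAPPING:
        if wanted.lower() in entry.get(attr.lower(), []):
            return role
    return DEFAULT_ROLE


def enforce(role):
    """Return (RADIUS reply type, reply attributes) for a TIPS role."""
    vlan = ENFORCEMENT.get(role)
    if vlan is None:
        # Fail closed: a user whose attributes map to no known role gets no
        # VLAN instead of silently landing on the port's default VLAN.
        return "Access-Reject", {}
    # Standard IETF tunnel attributes for dynamic VLAN assignment (RFC 3580).
    return "Access-Accept", {
        "Tunnel-Type": "VLAN",             # numeric value 13
        "Tunnel-Medium-Type": "IEEE-802",  # numeric value 6
        "Tunnel-Private-Group-Id": str(vlan),
    }


def authorize(ldap_entry):
    """Run both stages for one authenticated user's LDAP entry."""
    return enforce(map_role(ldap_entry))
```

Rule order matters in this model: a user who is both in finance and in the netadmins group matches the first rule and receives VLAN 10.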


