Security

Reply
Frequent Contributor I

ClearPass Radius assign different vlans based on OpenLDAP attribute

I have seen plenty of community posts and directions provided where using an Aruba VSA to an external RADIUS server you can deduce a Vlan identifier.

But what about if CPPM is the RADIUS server (not pointing to an external one) and he is talking to OpenLDAP for authentication and authorisation ?

Guru Elite

Re: ClearPass Radius assign different vlans based on OpenLDAP attribute

Yes. This is most deployments. 

You use role mapping to map LDAP attributes to ClearPass roles (TIPS roles), then use those TIPS roles in your enforcement policy to return a VLAN enforcement profile and/or role. 

Sent from Nine

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: