Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass Radius assign different vlans based on OpenLDAP attribute

  • 1.  ClearPass Radius assign different vlans based on OpenLDAP attribute

    Posted Feb 12, 2016 12:24 AM

    I have seen plenty of community posts and directions provided where, using an Aruba VSA to an external RADIUS server, you can deduce a VLAN identifier.

    But what about if CPPM is the RADIUS server (not pointing to an external one) and it is talking to OpenLDAP for authentication and authorisation?



  • 2.  RE: ClearPass Radius assign different vlans based on OpenLDAP attribute
    Best Answer

    EMPLOYEE
    Posted Feb 12, 2016 12:29 AM
    Yes. This is most deployments. 

    You use role mapping to map LDAP attributes to ClearPass roles (TIPS roles), then use those TIPS roles in your enforcement policy to return a VLAN enforcement profile and/or role. 

    Sent from Nine
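
Added example, not part of the original posts and not ClearPass configuration syntax: a small Python model of the two-stage flow the answer describes (LDAP attribute to role, then role to VLAN enforcement), returning the RFC 3580 tunnel attributes used for dynamic VLAN assignment. The rule layout, LDAP attribute names, role names and VLAN IDs are all constructed for illustration, as is the fail-closed quarantine VLAN for users no rule matches.

```python
# Model of the two-stage evaluation described above. NOT ClearPass syntax:
# rule layout, role names, LDAP attribute names and VLAN IDs are constructed.

# Stage 1: role mapping. (attribute, operator, value, role), first match wins.
ROLE_MAPPING = [
    ("memberOf", "contains", "cn=netadmins", "NetAdmin"),
    ("departmentNumber", "equals", "engineering", "Engineering"),
    ("employeeType", "equals", "contractor", "Contractor"),
]
DEFAULT_ROLE = "Unmapped"  # used when no rule matches

# Stage 2: enforcement policy. Role -> VLAN ID for the enforcement profile.
ENFORCEMENT = {"NetAdmin": 10, "Engineering": 20, "Contractor": 30}
QUARANTINE_VLAN = 999  # fail closed: unmapped users never reach a production VLAN


def map_role(ldap_entry):
    """Return the first role whose rule matches the user's LDAP attributes."""
    for attr, op, expected, role in ROLE_MAPPING:
        # LDAP attributes are multi-valued; normalise a single string to a list.
        values = ldap_entry.get(attr, [])
        if isinstance(values, str):
            values = [values]
        for value in values:
            v = value.lower()
            if (op == "equals" and v == expected) or (op == "contains" and expected in v):
                return role
    return DEFAULT_ROLE


def vlan_attributes(vlan_id):
    """RADIUS attributes for dynamic VLAN assignment (RFC 3580)."""
    return {
        "Tunnel-Type": 13,           # VLAN
        "Tunnel-Medium-Type": 6,     # IEEE-802
        "Tunnel-Private-Group-Id": str(vlan_id),
    }


def authorize(ldap_entry):
    """Run both stages and return (role, Access-Accept attributes)."""
    role = map_role(ldap_entry)
    return role, vlan_attributes(ENFORCEMENT.get(role, QUARANTINE_VLAN))


if __name__ == "__main__":
    # Constructed sample entry, shaped like an OpenLDAP search result.
    user = {"uid": "alice", "departmentNumber": ["Engineering"],
            "memberOf": ["cn=staff,ou=groups,dc=example,dc=org"]}
    print(authorize(user))
```

Rule order matters in this model: a user who matches both the group rule and the department rule gets the role of whichever rule is listed first.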