Security

Hi,

It seems it can't be done. The Aruba ClearPass with Cisco WLC 802.1X Role Based Access post uses the Airespace-ACL-Name and the Airespace-Interface-Name attributes for referencing the ACL and VLAN respectively. But the Airespace RADIUS dictionary has no attributes which reference an AVC profile:

Then I think I can't block or allow applications according to the user role when using ClearPass along with Cisco WLC. Any ideas?

Regards,

Julián

Did you try using av-pair and return avc-profile-name and role.

Look at the bottom half of following link. I beleive it will work:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/AVC_dg7point5.html

Hi JayBee,

Do you mean ClearPass return an attribute string "avc-profile-name" with value that matches "av-pair"?

Regards,

Julián

Thats correct. Somthing like this:

And then on WLC, under Wireless-> Application Visibility and Control -> AVC profiles, try creating an AVC profile with a similar name and required policies.

Ha, then it may work. I thought ClearPass doesn't have the Cisco-AVPair attribute, but actually it is in the Cisco RADIUS dictionary and not in the Airespace one.

Thanks very much!

Julián

Try that and please let me know as well if it works.

Yeah, I'll let you know. But because this is for a planned PoC I need to schedule and arrange all the requirements with customer, and it will take some time.

Regards,

Julián