Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass Guest Role Mapping Issues

This thread has been viewed 9 times

  • 1.  Clearpass Guest Role Mapping Issues

    Posted Nov 24, 2015 03:32 PM

    For some reason Guest role mapping is not working on our production CP server, but works on our test server.

     

    1. Created role "Campus Device"

    2. Added to the role [Guest Roles] Role mapping policy.

    3. Created a device in CPG with the Role "Campus Device"

    4. Have an  enforcement policy that only allows access if the device has the tips role of "Campus Device".

     

    Again it works fine on our test server, but not our production server.

     

    I've done a screen by screen comparison of the Service, Role Mapping, and Enforcement Policies between the Production and Test Servers and can't find a difference.

     

    Thanks.

    -Neil

     



  • 2.  RE: Clearpass Guest Role Mapping Issues

    Posted Nov 24, 2015 03:35 PM
    Are you using the Guest Device Repository as an Authorization Source?


  • 3.  RE: Clearpass Guest Role Mapping Issues

    Posted Nov 24, 2015 03:36 PM

    Yes.



  • 4.  RE: Clearpass Guest Role Mapping Issues

    EMPLOYEE
    Posted Nov 24, 2015 03:38 PM
    Do you have the Role ID to TIPS role mapping configured in the role map that is configured in the service?


  • 5.  RE: Clearpass Guest Role Mapping Issues

    Posted Nov 24, 2015 03:41 PM

    Yes, I'm using the same Role mapping policy "[Guest Roles]".

     

    -Neil

     



  • 6.  RE: Clearpass Guest Role Mapping Issues

    EMPLOYEE
    Posted Nov 24, 2015 03:43 PM
    Please export an access tracker log for one of the requests and post here.


  • 7.  RE: Clearpass Guest Role Mapping Issues

    Posted Nov 24, 2015 03:46 PM
      |   view attached

    Here you go!

    Attachment(s)

    zip
    DashboardDetails.zip   4 KB 1 version


  • 8.  RE: Clearpass Guest Role Mapping Issues
    Best Answer

    Posted Nov 24, 2015 05:13 PM

    Just spent an hour on the phone with our promoted SE.

     

    Turns out that you should NOT use the Default [Guest Roles] Mapping in Service rules, but create a new, separate Role Mapping (at least that fixed it for us).

     

    -Neil