Security

Reply
Highlighted
Guru Elite

Re: Dynamic VLAN assignment with a single enforcement profile

So would an attribute on the certificate would be the variable? 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Occasional Contributor II

Re: Dynamic VLAN assignment with a single enforcement profile

no, i would need to create the variable in the process, e.g. with some rules?

I would still have the "manual" mapping of the VLAN but wouldnt have the clutter of several enforcement profiles.

if its not doable its no issue, I will stay with multiple enforcement profiles, i just thought after reading that post, that this might be doable.

 

thanks

Highlighted
Occasional Contributor II

Re: Dynamic VLAN assignment with a single enforcement profile

@cjoseph possible or does it need one profile per VLAN?

Highlighted
Occasional Contributor II

Re: Dynamic VLAN assignment with a single enforcement profile

@cjoseph possible?

Highlighted
Guru Elite

Re: Dynamic VLAN assignment with a single enforcement profile

I honestly have re-read this thread twice to try to give you a good answer.  Can you please give me a real-world example of what you are trying to do?  Maybe I am just not understanding.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Occasional Contributor II

Re: Dynamic VLAN assignment with a single enforcement profile

Hi cjoseph, sorry, this was the real-world example...

I can try to re-explain with a more elaborate but fictional example:

MAC Authentication for all devices:

- if the MAC contains aabb then the device should go into VLAN 123

- if the MAC contains bbcc then the device should go into VLAN 234

- if the MAC contains ccdd then the device should go into VLAN 345

- if the MAC contains ddee then the device should go into VLAN 654

I can do this with four different Enforcement Profiles without an issue....

is there a way to do this with a single Enforcement profile instead somehow with the use of some kind of variable?

Highlighted
Occasional Contributor II

Re: Dynamic VLAN assignment with a single enforcement profile

@cjoseph am I explaining it too complicated?

Highlighted
Guru Elite

Re: Dynamic VLAN assignment with a single enforcement profile

You would need only a single enforcement profile policy .  You would need 4 lines in your policy statement, however...


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Occasional Contributor II

Re: Dynamic VLAN assignment with a single enforcement profile

yes, that would be exactly what I would be looking for!

how could I do this?

Highlighted
Guru Elite

Re: Dynamic VLAN assignment with a single enforcement profile

So an enforcement policy is a rule or list of rules to be checked to do an action.  Enforcement profiles are what gets sent to a device to make that change.  Essentially, you will have a single enforcement policy but 4 enforcement profiles tied to those policies, depending on what you want to send:

enforcement.png


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: