Security

I'm guessing the answer is NO based on testing so far, but worth asking all the same.

Can you match, using ClearPass role mapping or enforcement policies, on the PSK entered against an MPSK wireless network by the user?

If you have MPSK deployed, you might be able to do what you try by working indirectly with attributes in other authorization sources like the endpoint database or the guest device database entry.

As the MPSK is bound to a device, you can assume that the correct MPSK is used for that device. If you are looking to have different roles depending on the PSK entered, that doesn't work like Tim mentioned as there is only one single PSK that will be accepted for that device. What you still can do is return roles depending on the device, or profiling information, and so on.

@cappalli Understood, main reason I asked is that Radius:Aruba:Aruba-MPSK-Passphrase is available in role mappings.

@Herman Robers I was trying to remove the need to register each device, and rather then have multiple PSK networks, was to use one PSK network and based on the PSK the user entered, we could dictate User Role and VLAN etc... I can get a user connected using a default PSK on an MPSK network using ClearPass - just would have been nice to be able to allocated based on the entered key. Will have to progress on device registration/captive portal instead and just put a PSK at the front.