Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Policy Manager -> Role Mapping -> Connection -> AP-mac -> "Belongs To List"

This thread has been viewed 0 times

  • 1.  Policy Manager -> Role Mapping -> Connection -> AP-mac -> "Belongs To List"

    Posted Apr 06, 2016 02:01 PM

    I'm looking to create a role-mapping policy that will match on a list of AP mac addresses so that I can perform CoA on them.  What I have right now is this...

     

    Screen Shot 2016-04-06 at 12.58.26 PM.png

     

    Is there any way to use an operator/value pair that would call something like a MAC address "host" list so I wouldn't need to enter all of the AP MAC addresses into the role mapping policy?

     

     



  • 2.  RE: Policy Manager -> Role Mapping -> Connection -> AP-mac -> "Belongs To List"
    Best Answer

    EMPLOYEE
    Posted Apr 06, 2016 02:08 PM

    It would be "belongs_to_group" is what you are looking for:

     

    belongs-to-group.png

     

     



  • 3.  RE: Policy Manager -> Role Mapping -> Connection -> AP-mac -> "Belongs To List"

    EMPLOYEE
    Posted Apr 06, 2016 02:08 PM

    <removed, already answered>



  • 4.  RE: Policy Manager -> Role Mapping -> Connection -> AP-mac -> "Belongs To List"

    Posted Apr 06, 2016 02:18 PM

    Ok, I see.  So when I choose Connection:AP-mac, the "belongs_to_group" statement does not exist.  When I change it to Called-Station-Id, it then shows up as an option.

     

    Both of these options in the RADIUS request would yield the same information so this works for me!

     

    Thank you very much for your assistance!