Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Role mapping function in lab but not in production

  • 1.  Role mapping function in lab but not in production

    Posted Feb 05, 2018 01:59 PM

    I re-worked my role mapping in my lab where I have 3 services with 3 separate role mappings. All is good.

    This is a ClearPass Guest w/ Cisco WLC (server-initiated) setup.

     

    Initial mac-auth occurs, user is given a "pre-auth" role on CPPM.

    User processes portal, is marked known, COA occurs, user comes back into the same mac auth service but is given back the same pre-auth role and not the proper role for me to push the "ACK ACL" to the controller.

     

    I have gone through the configuration up and down to make sure it matches, service rules, policies, profiles, etc..

     

    Is there something I might not be checking and I should...



  • 2.  RE: Role mapping function in lab but not in production

    EMPLOYEE
    Posted Feb 05, 2018 02:02 PM
    You generally don't want to use a role mapping for a session-like attribute as it will be cached.


  • 3.  RE: Role mapping function in lab but not in production

    Posted Feb 05, 2018 02:06 PM
    Yes makes sense...
    Hmm so I'm at a loss because in the lab this all works just fine.

    The webauth modifies certain attributes on the endpoint which I check against on the next mac auth.