Valued Contributor I

Role mappping - using a previously defined Role to generate another one

In a role mapping file I've got an entry that defines whether a client endpoint is an allowable airgroup device and assign a locallly defined roll to it of "Airgroup Shared Device" ( see below ) 

and have set up an equivalent for games consoles.


I'm setting up a WPA2-PSK network only for either "Airgroup Shared Devices" or "Game Consoles" and want to create a Role called "UoY PSK Device" where the logic is 


if (Radius:Aruba:essid = "airgroups-psk" AND ( Role=Airgroup Shared Device OR Role="Game Console") )Then assign role " UoY PSK Device"


Can I create the above ? in a Role mapping file that also defines the OR components?


Failing that, could I do

if (Radius:Aruba:essid ="airgroups-psk" AND Role=Airgroup Shared Device) then .... 


and repeat it for games consoles.


Role mapping entries only seem to be if and..and..and... or IF...or...or





44.(Authorization:[Endpoints Repository]:Device Name  CONTAINS  Apple TV) 
OR  (Authorization:[Endpoints Repository]:OS Family  CONTAINS  Chromecast) 
OR  (Authorization:[Endpoints Repository]:OS Family  CONTAINS  Roku) 
OR  (Authorization:[Endpoints Repository]:Device Name  EQUALS  Amazon FireTV) 
OR  (Authorization:[Endpoints Repository]:OS Family  CONTAINS  Sonos) 
OR  (Endpoint:UoY_Airgroup_Shared_Server_Device_v2  EQUALS  true) 
OR  (Authorization:[Endpoints Repository]:OS Family  EQUALS  Solstice) 
OR  (Authorization:[Endpoints Repository]:Device Name  EQUALS  Amazon Echo)


Valued Contributor I

Re: Role mappping - using a previously defined Role to generate another one

ok. found the "belongs to statement" so i can build if ssid=... and client belongs to < list of categories or devicve types> which will do


Search Airheads
Showing results for 
Search instead for 
Did you mean: