Security

last person joined: 11 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

clearpass: allow users according to the building

This thread has been viewed 3 times

  • 1.  clearpass: allow users according to the building

    Posted Nov 27, 2014 03:39 PM

    Hello,

    I'm trying to configure the clearpass to allow the students (in the schools) and the guests (in some buildings with public rooms).

    I don't want that the guests can login in the schools (and the students in the public building).

     

    My rule mapping

    Role ID equals 1 : student

    Role ID equals 2 : guest

     

    I configured in clearpass the network devices of the different buildings with different radius shared secret and different location attribute.

     

    Now I'm not able to block the user if isn't in the right buildings.

     

    Thanks

    Best regards 

     

     



  • 2.  RE: clearpass: allow users according to the building

    EMPLOYEE
    Posted Nov 27, 2014 03:43 PM
    If you have an AP group per building (my recommendation), you can use "RADIUS:Aruba:Aruba-AP-Group" value in your policy.


  • 3.  RE: clearpass: allow users according to the building

    Posted Nov 27, 2014 03:58 PM

    Thank you Tim,

    Can you explain me better? 

    I dont understand how can help me to block some users in some buildings.

    Thanks

     

     



  • 4.  RE: clearpass: allow users according to the building

    EMPLOYEE
    Posted Nov 29, 2014 05:34 PM

    The easiest thing to do would be to duplicate your service and add the AP-group name(s) as a service rule and then put this service higher than the other one. 

     

    Then you can have custom enforcement actions for people connecting in those buildings.

     

    service-rule-ap-group.PNG