Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Instant AP and role from Clear pass

This thread has been viewed 8 times

  • 1.  Instant AP and role from Clear pass

    Posted Jul 05, 2018 02:10 PM

    I am trying to set the role on an instant controller when a device connects.  this is not a guest type access so there is no portal page being sent.  I just want to when a device connects and it meets certain criteria, set a role (predefined on the instant) so that an ACL will be used.  clear pass seems to pass the role when the device connects but not seeing it on the controller.   How would I look for this (debugging logging...)  I am running 6.5.4.3 code on the instant.

     

    snip from config:

    wlan ssid-profile halekoa75_test
     enable
     index 1
     type employee
     essid halekoa75_test
     opmode wpa2-aes
     max-authentication-failures 0
     auth-server olevcppm10a-dev
     set-role Aruba-User-Role contains windows_deploy_test windows_deploy_test
     set-role Aruba-CPPM-Role contains windows windows_deploy_test
     rf-band all
     captive-portal disable
     dtim-period 1
     broadcast-filter arp
     dmo-channel-utilization-threshold 90
     local-probe-req-thresh 0
     max-clients-threshold 64



  • 2.  RE: Instant AP and role from Clear pass

    EMPLOYEE
    Posted Jul 10, 2018 02:40 PM

    You may have a look at this video for an example.

     

    From the config you sent, remove all the set-role commands, and in ClearPass return the Aruba-User-Role attribute with the role name that is defined on the Instant AP. Mapping will happen automatically, no config needed.

     

    Also, be aware that roles are CaSeSENsiTivE. So returning Employee from ClearPass while you have employee with lowercase configured, it only works if you have an exact match.