Instant AP and role from Clear pass
07-05-2018 11:09 AM
I am trying to set the role on an instant controller when a device connects. this is not a guest type access so there is no portal page being sent. I just want to when a device connects and it meets certain criteria, set a role (predefined on the instant) so that an ACL will be used. clear pass seems to pass the role when the device connects but not seeing it on the controller. How would I look for this (debugging logging...) I am running 188.8.131.52 code on the instant.
snip from config:
wlan ssid-profile halekoa75_test
set-role Aruba-User-Role contains windows_deploy_test windows_deploy_test
set-role Aruba-CPPM-Role contains windows windows_deploy_test
Re: Instant AP and role from Clear pass
07-10-2018 11:40 AM
You may have a look at this video for an example.
From the config you sent, remove all the set-role commands, and in ClearPass return the Aruba-User-Role attribute with the role name that is defined on the Instant AP. Mapping will happen automatically, no config needed.
Also, be aware that roles are CaSeSENsiTivE. So returning Employee from ClearPass while you have employee with lowercase configured, it only works if you have an exact match.
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).