Frequent Contributor I

Instant AP and role from Clear pass

I am trying to set the role on an Instant controller when a device connects. This is not a guest-type access, so there is no portal page being sent. I just want to set a role (predefined on the Instant) when a device connects and meets certain criteria, so that an ACL will be used. ClearPass seems to pass the role when the device connects, but I am not seeing it on the controller. How would I look for this (debugging, logging...)? I am running code on the Instant.


snip from config:

wlan ssid-profile halekoa75_test
 index 1
 type employee
 essid halekoa75_test
 opmode wpa2-aes
 max-authentication-failures 0
 auth-server olevcppm10a-dev
 set-role Aruba-User-Role contains windows_deploy_test windows_deploy_test
 set-role Aruba-CPPM-Role contains windows windows_deploy_test
 rf-band all
 captive-portal disable
 dtim-period 1
 broadcast-filter arp
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64

MVP Guru

Re: Instant AP and role from Clear pass

You may have a look at this video for an example.


From the config you sent, remove all the set-role commands, and in ClearPass return the Aruba-User-Role attribute with the role name that is defined on the Instant AP. Mapping will happen automatically, no config needed.


Also, be aware that roles are CaSeSENsiTivE. So if you return Employee from ClearPass while you have employee configured in lowercase, it only works if you have an exact match.

If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
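The exact-match requirement described in the reply above can be checked offline against an exported Instant configuration. This is an added example, not part of the original thread or Aruba's tooling; it assumes roles appear in the configuration as `wlan access-rule <name>` stanzas, and the sample configuration is constructed from the SSID profile lines in the question plus a hypothetical role definition.

```python
import re

# Constructed sample: SSID profile lines from the thread plus an assumed role
# definition stanza ("wlan access-rule <name>") that is not shown on the page.
SAMPLE_CONFIG = """\
wlan access-rule windows_deploy_test
 index 2
 rule any any match any any any permit
wlan ssid-profile halekoa75_test
 index 1
 type employee
 essid halekoa75_test
 auth-server olevcppm10a-dev
 set-role Aruba-User-Role contains windows_deploy_test windows_deploy_test
 set-role Aruba-CPPM-Role contains windows windows_deploy_test
"""

def defined_roles(config):
    """Role names defined on the Instant AP (assumed 'wlan access-rule' stanzas)."""
    return re.findall(r"^wlan access-rule (\S+)\s*$", config, flags=re.M)

def leftover_set_role(config):
    """set-role lines, which the reply says to remove from the SSID profile."""
    return [l.strip() for l in config.splitlines() if l.strip().startswith("set-role ")]

def check_returned_role(config, returned):
    """Classify the Aruba-User-Role value returned by ClearPass against the AP roles."""
    roles = defined_roles(config)
    if returned in roles:
        return "exact-match"
    # Same letters, different case: the role will not be applied.
    near = [r for r in roles if r.lower() == returned.lower()]
    if near:
        return "case-mismatch:" + near[0]
    return "undefined"

if __name__ == "__main__":
    for value in ("windows_deploy_test", "Windows_Deploy_Test", "windows"):
        print(value, "->", check_returned_role(SAMPLE_CONFIG, value))
    for line in leftover_set_role(SAMPLE_CONFIG):
        print("remove:", line)
```
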