Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

block account based on AP group

This thread has been viewed 0 times

  • 1.  block account based on AP group

    Posted May 03, 2016 10:52 AM

    So I have a 7240 and Clearpass for RADIUS on the K12 network I administer. I have all of my buildings APs in AP groups. Some of the building have a generic login that younger students use to login. I would like to make it so each buildings generic account can only be logged in if they are associated with that buildings AP group. I am sure this is something Clearpass can do but am unsure how. Thanks for any help.



  • 2.  RE: block account based on AP group
    Best Answer

    Posted May 03, 2016 11:19 AM
    You can create a role mapping based on the Aruba attribute Aruba-AP-Group:
    Aruba : Aruba-AP-Group : ClearPass TIPS Role (Building Name / AP-GROUP)


    And then on your enforcement policy you can use that in your logic:

    - Tips > role equals ClearPass TIPS Role (Building Name / AP-GROUP)

    - Authentication > Full-Username equals Generic Account