SD-WAN

 View Only
last person joined: yesterday 

Forum to discuss HPE Aruba EdgeConnect SD-WAN and SD-Branch solutions. This includes SD-WAN Orchestration WAN edge network functions - routing, security, zone-based firewall, segmentation and WAN optimization, micro-branch solutions, best practics, and third-party integrations. All things SD-WAN!
Back to discussions
Expand all | Collapse all

SD-Branch with IAP - User Roles

This thread has been viewed 12 times

  • 1.  SD-Branch with IAP - User Roles

    Posted Oct 20, 2020 08:28 AM

    How can we configure SD-Branch PBR or SLA using Dynamic User-Roles for clients that are connecting to Wireless 8021x (or MAC Auth) on an IAP in the Branch? The IAP will of course get a Role from Clearpass but how does the Branch Gateway know the user has this role so as to use Policy that has been preconfigured on the BGW?

     

    I want to dynamically determine who is connecting to wireless and then have the role treated with SLA for best WAN path on the BGW. 

     

     



  • 2.  RE: SD-Branch with IAP - User Roles

    Posted Oct 20, 2020 09:51 AM


  • 3.  RE: SD-Branch with IAP - User Roles
    Best Answer

    EMPLOYEE
    Posted Oct 20, 2020 04:35 PM
    I hope, this link will help: https://afp.arubanetworks.com/afp/index.php/Role_Centric_Security_for_IAP_+_GW


  • 4.  RE: SD-Branch with IAP - User Roles

    Posted Oct 21, 2020 07:28 AM

    Excellent! Yes, that helps a ton. I did not know the Gateway could snoop RADIUS packets and glean information from them. Good to know. The article is well detailed. Looks like a couple fun days in the lab!