  • 1.  Role mapping function in lab but not in production

    Posted Feb 05, 2018 01:59 PM

    I re-worked my role mapping in my lab where I have 3 services with 3 separate role mappings. All is good.

    This is a ClearPass Guest w/ Cisco WLC (server-initiated) setup.

    Initial mac-auth occurs, user is given a "pre-auth" role on CPPM.

    User processes portal, is marked known, COA occurs, user comes back into the same mac auth service but is given back the same pre-auth role and not the proper role for me to push the "ACK ACL" to the controller.

    I have gone through the configuration up and down to make sure it matches, service rules, policies, profiles, etc.

    Is there something I might not be checking and I should...



  • 2.  RE: Role mapping function in lab but not in production

    Posted Feb 05, 2018 02:02 PM
    You generally don't want to use a role mapping for a session-like attribute as it will be cached.


  • 3.  RE: Role mapping function in lab but not in production

    Posted Feb 05, 2018 02:06 PM
    Yes makes sense...
    Hmm so I'm at a loss because in the lab this all works just fine.

    The webauth modifies certain attributes on the endpoint which I check against on the next mac auth.