  • 1.  WPA2-PSK SSID with MAC-Auth and DUR

    Posted Feb 18, 2019 06:21 PM

    Hi Everyone,

     

    I got a problem trying to assign dynamic VLANs to a WPA2-PSK SSID via ClearPass Downloadable User Roles.

    To sum up the issue: Device is successfully authenticated via ClearPass MAC Service and DUR is presented to the Controller.

    "Show user" shows the correct DUR for my client.

    "show rights downloaded-user-roles" shows the correct VLAN for the specified DUR.

    The client just gets the VLAN that is assigned in the VAP Profile though.

    If I return "Aruba-User-VLAN" in addition to the DUR, the assignment is working.

     

    Is there anything missing or is the VLAN assignment via DUR just not working this way?

     

    Appreciate any help on this topic.

     

    With best regards,

    Kevin



  • 2.  RE: WPA2-PSK SSID with MAC-Auth and DUR

    Posted Feb 19, 2019 08:54 PM

    Are you using Standard or Advanced Role Configuration Mode for your DUR enforcement profile?



  • 3.  RE: WPA2-PSK SSID with MAC-Auth and DUR

    Posted Feb 20, 2019 03:23 PM

    I am using Standard DURs.

    That's the DUR currently used:

     

    ip access-list session allowall
        any any any permit 
    !
    user-role cppmrole
        vlan 30
        reauthentication-interval 0
        access-list session allowall
    !
     
    The show rights output looks like this:
     
    Derived Role = 'role_download_controller_role_clients-3014-4'
    Up BW:No Limit Down BW:No Limit
    L2TP Pool = default-l2tp-pool
    PPTP Pool = default-pptp-pool
    Number of users referencing it = 3
    Assigned VLAN = 30
    Periodic reauthentication: Disabled
    DPI Classification: Enabled
    Youtube education: Disabled
    Web Content Classification: Enabled
    IP-Classification Enforcement: Enabled
    ACL Number = 90/0
    Openflow: Enabled
    Max Sessions = 65535