Aruba ClearPass Workshop (2021) - Wireless Access #3 RADIUS - Aruba User Roles and ClearPass Roles

In this longer video, we explain Aruba User Roles, which are enforced on the infrastructure (Aruba Instant in this case) and can prevent certain users or devices from reaching specific services. In this example, we prevent contractors from reaching our internal Intranet website.
ClearPass also has a concept of Roles. These roles separate your business logic from enforcement: for example, people in a specific Active Directory group are given a tag, or label, so that your enforcement can return the right Enforcement Profiles. You can imagine that the enforcement for Wireless could be different than for Wired, and definitely for different brands of network equipment. The ClearPass Roles and the Role Mapping in ClearPass can be reused across different services, and the enforcement is really simple to read (if this ClearPass role, then that enforcement profile). As your deployment grows, you will learn to appreciate role mapping. Even in smaller deployments, it gives you additional information, because all selected roles are shown in the Access Tracker, which helps to troubleshoot or understand why a specific enforcement was selected.
Workshop video overview, schedule, and discussion can be found on the Airheads Community: community.arub...
⏰Timestamps:
00:00 Intro
00:20 Aruba User Roles vs. ClearPass Roles
01:23 Configure Aruba User Roles on Instant
03:10 Create Enforcement Profiles
06:06 Create Enforcement Policy
08:09 Apply policy and test from client
09:32 Why use ClearPass Roles?
10:27 Create ClearPass Roles
10:58 Create CPPM Role Mapping
14:14 Change Enforcement to use CPPM Roles
16:10 Test from client
18:47 Groups EQUALS vs memberOf CONTAINS
19:47 Summary and Wrap up

Comments: 11

  • @grahammccann8554
    2 years ago

    Thank you for making the video

  • @oseexplica2807
    1 year ago

    Nice video series, tks!

  • @lecrazyclown
    3 years ago

    Great update 😁

  • @MrNameless0shelter
    1 year ago

    So just to check, this video will teach how to assign different VLAN subnets based on users' security groups, right? Thanks

  • @olegproscurchin8200
    2 months ago

    These Profiles, Policies, Roles, Services are so confusing; can't find someone to explain it step by step without rushing through :(

  • @hermanrobers
    2 months ago

    Understand that it may take some time to get exactly how services call enforcement policies that call enforcement profiles. In my experience, it's a learning curve; if you do it a lot, it will become clear and it makes perfect sense.

  • @mohammedkeswani2494
    1 year ago

    Hello Herman, thank you for the great videos. First time with Aruba; I'm used to working with ISE, but it looks simple. I just get a little bit lost here. Are there any slides I can read or a document for this one?

  • @mohammedkeswani2494
    1 year ago

    Another thing to add: you have added the AD as RADIUS in the videos before, so why do we need to specify the member of like LDAP? Am I missing something?

  • @jacob1246
    2 years ago

    Is port 443 required to be open between IAP and CPPM for downloadable user role to work?

  • @hermanrobers
    2 years ago

    Correct. The IAP will use HTTPS (TCP/443) to retrieve the DUR (downloadable user role) contents. Check the videos on DUR in the Dynamic Segmentation Inside Out video series for more details on DUR.

  • @vairo-
    3 years ago

    Studying for my ACCA right now, these videos are great! Thank you! 🧡🦩