This is a great example showing the flexibility of ClearPass in combination with ArubaOS switches.

Thanks, Great video. I already made some colorless port test with my Aruba 3810M but using radius attributes to control VLAN, ACL ... So now I need to try to do the same with user-roles :)

Nice video, well explained. Please, I have some concerns. In an enterprise environment with different departments (IT, HR, Finance, Accounting,Legal, etc.), the "User-Role-802.1x" service, from this video, would allow anyone from any department to connect to anything, provided you have been authenticated, since everyone is obviously an employee. Is there a way to address that? In my opinion, one option is to streamlined the traffic from different departments to its desired service with a firewall placed to the right of the router (using your network topology in the video). However, there is another concern: how do I avoid user-to-user traffic? I do not want user PCs/laptops to be able to communicate with themselves. Any advice on how to do it with ArubaOS or ArubaCPPM? Think of it this way, what do you advise in a scenario where every department/group (say 30 in number) has a VLAN ID and a subnet for its users? I am thinking that it would be cumbersome defining user-roles on every ArubaOS switch in an enterprise environment, and then allowing CPPM to only send VSAs to trigger them. Please correct me if I am wrong. Also, do you have any video where CPPM enforces VLAN and ACL to switches? Again, this is a very great video. It triggered my brain for all the questions above. Thanks a lot.

Another great one!

In the controller, when I look at the role and policy configuration, there are "initial role", "MAC Authentication default role", and "802.11x Authentication default role". What is the difference between these roles? In what condition the user will be assigned to any of these roles?