Hi Team,
One of the challenges in a workflow is if you want to create a variable based on a split. In a workflow, you can automate splits or make them user selectable, and those filters provide a lot of functionality very easily to a network administrator. We have introduced a new feature in Cloudpath that extends this functionality by allowing a network administrator to create a variable based on that split! The network administrator can then re-use that variable within a workflow or a policy. Let us examine how we can apply this!
Scenario:
We have a school that is allowing students and faculty to use BYOD. The school has asked for a single workflow and want to use DPSK. They will use an idP to provide authentication in the form of Active Directory. They want a single DPSK WLAN, but students MUST connect to VLAN 10, and Teachers MUST connect to VLAN 20.
In the past, we would have to key something off the idP or use some JavaScript to fill out that variable, which was not ideal. Using the variable creation on split solves this problem!
Let’s build the workflow!
I have a simple AUP page, Active Directory Server, then based on Group membership, there is an auto split! So as a student, I am automatically put in the student workflow, and as a teacher, I am automatically put in the faculty workflow. In both workflows, we are going to provide them a DPSK from the same DPSK pool (campus).
Student and Teacher Workflow:
Let us define a new Variable on the split for “Students”
Click the blue crayon beside the word Students in the workflow
Scroll down past the filters and look for Variable Assignments.
I am going to enter a variable name of “ASSIGNED.VLAN” and provide it with a value of 10:
I am going to close this and do something similar to the Faculty workflow, but instead of the value 10, I am going to enter in 20.
Now, we have the ASSIGNED.VLANs created for Students and Teachers (10 and 20 respectfully) which is the requirements. What we now going to do is use a POLICY for the DPSK pool, campus, to return that Variable in place of VLAN!
Click on Configuration | Policies | select RADIUS Attribute Groups from the window.
Click on Add RADIUS Attribute Group
Provide it a name
in the VLAN field, use your new variable called ${ASSIGNED.VLAN}
I am also go to add an attribute for User-Name and assign it the value ${USERNAME} (change the drop down menu to Add or replace (single), which will return the users’s username that we scraped from the idP in the workflow.
Save this RADIUS Attribute Group
Click on Conditions
Create a condition for all users and assign it the RADIUS Attribute Group that you created. In this condition, I am going to match on all users and when we do match, we will return the variable ${USERNAME} for the username and the ${ASSIGNED.VLAN} for the VLAN.
Now, if a student authenticates, we will return the username from idP and for the VLAN we will return 10 (based on the value created in the split). Likewise for teachers, we return their username and for the VLAN we will return 20 (based on the value created in the split for teachers).
Let’s see this in Action!
Student name: Alex Murphy
Teacher name: Clarence Boddicker
Alex has gone through the workflow and received their DPSK, we can see that information in an ENROLLMENT for the device, includes, within the Variables, at the top, the variable ${ASSIGNED.VLAN} with a value of 10.
When Alex now authenticates using their DPSK provided to them, in SmartZone, we can see the following VLAN and USERNAME returned to them:
And Clarence Boddicker:
Expected result of username and VLAN 20
Great Success!
So, this is just an example of how you can use the variable on split feature. you can also add multiple variables on that split too, so you can be as creative as you want.
