AAA, NAC, Guest Access & BYOD

How to Authenticate Endpoints with its attribute value

Aruba Employee
Requirement:

Consider an Endpoint is updated with a particular attribute "Owner" and its value updated as "test". If there is a requirement to authenticate all EndPoints with same attributes only should be authenticated, we can create a new Authentication source and use custom SQL to authenticate the device.



Solution:

The below SQL allows the device to authenticate with the attribute value

   SELECT e.mac_address AS User_Password FROM tips_endpoints e
   LEFT JOIN tips_endpoint_tag_mappings m ON e.id = m.instance_id
   LEFT JOIN tips_tag_values v ON v.id = m.tag_value_id
   LEFT JOIN tips_tag_definitions d ON d.id = v.tag_id
   WHERE d.name= 'Owner' AND v.tag_value='test' AND e.status ='Known' AND mac_address = LOWER('%{Connection:Client-Mac-Address-NoDelim}');

 



Configuration:

Navigate to Configuration » Authentication » Sources and create a new Authentication Source as below

 

 

 

 

 



Verification

The Endpoint is added with an Attribute value of test as shown below

 

 

 

Screenshot showing successful Authentication against new Authentication source

 

Version history
Revision #:
2 of 2
Last update:
‎09-08-2016 09:53 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: