There are several ways to assign user-role for a user and this article describes about how user-role could be assigned using role derivation based on MAC address for a Open or PSK based SSID.
Administrators can now differentiate roles for users connecting in Open or PSK based SSID based on MAC address.
Environment : This article applies to all Instant Access Points running 4.1 and later.
Create a new SSID as shown below
Choose VLAN assignment as needed
Security could be Open or PSK based.
Choose Role based under access rule and under Role assignment rules choose parameters as shown below and click finish.
In the below screenshot, a role derivation is created to assign clients in allow all role when their MAC address starts with 0061.
With the above configuration part is done.
From "show running-config" we could validate if role derivation based on MAC address has been applied to the created SSID.
The user who's mac address starts with 0061 got assigned in Allowall role where as other/rest of the user got assigned in "Guest" role in which we have restriction. Same can be seen from Web UI when clicked on client banner.
- Make sure the role derivation is properly configured in SSID profile(from CLI/WebUI) and also it contains MAC addresses for which ever user needs to be in Allowall role.
- From WebUI:
- From CLI: