Controller-less WLANs

Role derivation based on MAC address for Open or PSK based SSID

There are several ways to assign user-role for a user and this article describes about how user-role could be assigned using role derivation based on MAC address for a Open or PSK based SSID.

 

Administrators can now differentiate roles for users connecting in Open or PSK based SSID based on MAC address.

 

Environment : This article applies to all Instant Access Points running 4.1 and later.

 

rtaImage (2).png

 

Create a new SSID as shown below

 

rtaImage (3).png

 

Choose VLAN assignment as needed

rtaImage (4).png

 

Security could be Open or PSK based.

 

rtaImage (5).png

 

Choose Role based under access rule and under Role assignment rules choose parameters as shown below and click finish.


In the below screenshot, a role derivation is created to assign clients in allow all role when their MAC address starts with 0061.

 

rtaImage (6).png

 

With the above configuration part is done.

 

From "show running-config" we could validate if role derivation based on MAC address has been applied to the created SSID.

 

rtaImage (7).png

 

The user who's mac address starts with 0061 got assigned in Allowall role where as other/rest of the user got assigned in "Guest" role in which we have restriction. Same can be seen from Web UI when clicked on client banner.

 

rtaImage (8).png

 

rtaImage (9).png

 

  1. Make sure the role derivation is properly configured in SSID profile(from CLI/WebUI) and also it contains MAC addresses for which ever user needs to be in Allowall role.
  • From WebUI:

rtaImage (10).png

  • From CLI:

rtaImage (11).png

 

Version History
Revision #:
1 of 1
Last update:
‎04-09-2015 04:17 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.