Security

last person joined: 7 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Aruba Controller - Mac authentication for Guest Wi-Fi

This thread has been viewed 7 times

  • 1.  Aruba Controller - Mac authentication for Guest Wi-Fi

    Posted Jan 06, 2016 09:25 AM

    Dear all,

    We have Aruba 3600 controller with 6.3.1.6 OS and several AP105 access points. When users choose Guest SSID, they will be prompted with the Captive Portal to enter username & password. I would like few computers (MAC Address) to by pass this authentication.

     

    Under Security > Authentication > User Rules I have added a rules with the MAC Address of the computer that needs to be bypassed.

    aruba-06jan16-01.png

    Under Security > Authentication > Profiles >> Guest Wi-Fi profile I have selected the above rule for the User derivation rules dropdown.

    aruba-06jan16-02.png

    The particular device still pops to enter username and the password, Have I missed anything ?

    Any help would be much appreciated, thank you.

     



  • 2.  RE: Aruba Controller - Mac authentication for Guest Wi-Fi

    Posted Jan 06, 2016 09:28 AM

    In your UDR you need to change the role to something else that is not the x-logon user-role, use the authenticated or create a new one 



  • 3.  RE: Aruba Controller - Mac authentication for Guest Wi-Fi

    EMPLOYEE
    Posted Jan 06, 2016 09:35 AM
    @bickyz wrote:

    Dear all,

    We have Aruba 3600 controller with 6.3.1.6 OS and several AP105 access points. When users choose Guest SSID, they will be prompted with the Captive Portal to enter username & password. I would like few computers (MAC Address) to by pass this authentication.

     

    Under Security > Authentication > User Rules I have added a rules with the MAC Address of the computer that needs to be bypassed.

    aruba-06jan16-01.png

    Under Security > Authentication > Profiles >> Guest Wi-Fi profile I have selected the above rule for the User derivation rules dropdown.

    aruba-06jan16-02.png

    The particular device still pops to enter username and the password, Have I missed anything ?

    Any help would be much appreciated, thank you.

     

    Make sure you delete the user from the user table to trigger the rule:

     

    aaa user delete mac <mac address of user>



  • 4.  RE: Aruba Controller - Mac authentication for Guest Wi-Fi

    EMPLOYEE
    Posted Jan 06, 2016 09:48 AM
    You gave the device the logon role in your UDR. That needs to be your final access role.

    Sent from Nine


  • 5.  RE: Aruba Controller - Mac authentication for Guest Wi-Fi

    Posted Jan 06, 2016 11:06 AM

    Thank you everyone, I have changed the UDR role value to "authenticated". Now the particular device (MAC address) is auto authenticated. Devices without the MAC addresses on the rules will be prompted with the Captive Portal and has to enter valid username/password.

    aruba-06jan16-03.png

     

    Is there any way to import the bulk list of MAC addresses ?

     

    thank you very much.



  • 6.  RE: Aruba Controller - Mac authentication for Guest Wi-Fi



  • 7.  RE: Aruba Controller - Mac authentication for Guest Wi-Fi

    Posted Jan 06, 2016 01:44 PM

    Hi, I want to import the list of MAC Addresses, not a user account. And on the Security > Authentication > User Rules I cannot find an option to import.

     

    thank you



  • 8.  RE: Aruba Controller - Mac authentication for Guest Wi-Fi

    Posted Jan 06, 2016 02:37 PM
    That's not possible


  • 9.  RE: Aruba Controller - Mac authentication for Guest Wi-Fi

    EMPLOYEE
    Posted Jan 06, 2016 02:41 PM
    Build an excel sheet that concats the commands and paste into controller.


  • 10.  RE: Aruba Controller - Mac authentication for Guest Wi-Fi

    Posted Jan 07, 2016 08:55 AM

    Hi,

    What is the command to add the mac address and assign "authenticated" role

     

    thank you.



  • 11.  RE: Aruba Controller - Mac authentication for Guest Wi-Fi
    Best Answer

    EMPLOYEE
    Posted Jan 07, 2016 09:34 AM
    aaa derivation-rules user [udr name] set role condition macaddr equals [MAC address] set-value [role name]

    Sent from Nine


  • 12.  RE: Aruba Controller - Mac authentication for Guest Wi-Fi

    Posted Jan 07, 2016 08:59 AM

    local-userdb add username <MAC_ADDRESS> password <MAC_ADDRESS> role <ROLE_NAME>