Security

Reply
Contributor II
Posts: 37
Registered: ‎05-13-2015

Aruba controller concept

Hi all,

 

I have a problem with the concept in "ArubaOS 6.4.x user guide". When i configure MAC-based authentication, use internal database. The role  in "Internal DB" they call it  "role for authenticated client"[1] ( page 242 )  and at "default-mac-auth" in "AAA profile" we have "MAC Authentication Default Role"[2]  and they call it "role for clients who have completed MAC authentication" (page 372). I really don't know the difference between [1] and [2]. 

Capture_1.PNGCapture_2.PNGCapture_3.PNGCapture_4.PNG

Guru Elite
Posts: 20,955
Registered: ‎03-29-2007

Re: Aruba controller concept

Duc Nguyen,

 

You have two choices:

 

(1) You can force all devices that mac authenticate successfully to have the "Mac Authentication Default role" that is configured in the mac authentication profile

(2) You can have all devices take the role that is configured next to the device in the internal database.

 

The Server Rules of your mac authentication server group determines this:

role-derivation.png

 

If you remove the server rule, you will have scenario 1, where the device is assigned the Mac Authentication default role.

If you keep the server rule, you will have scenario 2, where the device will b assigned the role configured next to the device in the internal database.  I hope this helps.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 37
Registered: ‎05-13-2015

Re: Aruba controller concept

Hi cjoseph,

 

Thanks for your help!

Search Airheads
Showing results for 
Search instead for 
Did you mean: