05-27-2015 12:56 AM
I have a problem with the concept in "ArubaOS 6.4.x user guide". When i configure MAC-based authentication, use internal database. The role in "Internal DB" they call it "role for authenticated client" ( page 242 ) and at "default-mac-auth" in "AAA profile" we have "MAC Authentication Default Role" and they call it "role for clients who have completed MAC authentication" (page 372). I really don't know the difference between  and .
Solved! Go to Solution.
05-27-2015 03:23 AM
You have two choices:
(1) You can force all devices that mac authenticate successfully to have the "Mac Authentication Default role" that is configured in the mac authentication profile
(2) You can have all devices take the role that is configured next to the device in the internal database.
The Server Rules of your mac authentication server group determines this:
If you remove the server rule, you will have scenario 1, where the device is assigned the Mac Authentication default role.
If you keep the server rule, you will have scenario 2, where the device will b assigned the role configured next to the device in the internal database. I hope this helps.
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.