Security

Reply
Frequent Contributor II
Posts: 109
Registered: ‎01-01-2012

Bandwidth contract based on mac address in mac+psk SSID

 

Hi All,

 

I want to do Mac address based BW Contracts.

I am using MAC and PSK authentication for SSID  and I  am trying to define User Rules ;

The user rules will provide  Role to client based on MAC address  and the role has specific bandwidth contract.

 

e.g I have created BW contract BW_up and BW_dn both 256 kbps. and apllied to Role BW_Restricted.

    I have created user rule set BW_Contract_Rule : if mac address equals  xx:xx:xx:xx:xx:xx then Role = BW_Restricted.

   In AAA profile of SSID under user derived rules I have selected BW_Contract_Rule.

 

I have tested it but the client is not getting restricted bandwidth and its role is  authenticated (it should be BW_Restricted) 

also if i select VLAN derivation instead of role...it works fine.  is it due to MAC auth. MAC auth role is authenticated.

 

Anything else can be done to apply BW contracts on user groups on same SSID??

 

Thanks,

Harshad.

Aruba
Posts: 1,639
Registered: ‎04-13-2009

Re: Bandwidth contract based on mac address in mac+psk SSID

Run the following command and take note of the Role Derivation entry to see where the role is being applied from:   show user ip x.x.x.x

 

domain\user, IP: 172.16.2.40, MAC: 00:24:d7:1c:c2:c8, Role:employee, ACL:69/0, Age: 00:01:07
Authentication: Yes, status: successful, method: 802.1x, protocol: EAP-PEAP, server: radius-server
Bandwidth = No Limit
Bandwidth = No Limit
Role Derivation: default for authentication type 802.1x
VLAN Derivation: unknown
..............................................................etc.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Search Airheads
Showing results for 
Search instead for 
Did you mean: