I am attempting to implement a mac address whitelist for one of our VLANs. I'm using the internal database to store these mac addresses. Previously, the internal DB was only used for guest provisioning, and so every user automatically gets the role 'guest'
The VLAN I want to filter has the default role of logon, so if I understand it right, I should change the initial role to denyall, and then when I store the mac addresses in the internal db, their roles should be 'logon'
Unfortunately I cannot assign a different role to the entries in the internal db. I do not have the option to select a role from the 'add user' dialog, and if I try adding via the command line with this command:
local-userdb add username <mac> password <mac> role logon
it tells me I have invalid input, but without the "role logon" it adds the entry fine (with guest as the role).
I was not around when the guest provisioning was initially set up but it seems like something overriding my requests to use a different role and I can't figure out what! Any ideas?