Security

Hi all.  New to the Aruba world and like it!  I've got version sprawl... working on getting all my controllers around the world on consistent version.  Anyway I have a plant that uses handheld scanners.  I need to add 2 MACs for 2 new scanners.  Under Monitoring -> Clients I see the list of 10 scanners plus all the other laptops etc.  Their name is their MAC addy, have an IPv4 IP, are in "scanners" User Role, using MAC authentication.  I cannot for the life of me find where to add the new MACs. 

I thought it would be under Configuration -> Security -> Authentication -> Internal DB, but only see some legacy laptops there. 

BTW the controller version is 5.0.3.0.  Again planning on upgrading all my controllers to 6.3 once it is out.

Thanks !

-Reset_Smith0100010101001010110010100101101001010101

If you do a show user-table then find the authentication profile, you can issue the command:

show aaa profile <profile-name>

This will tell you the server group. Once you have the server group name, issue the following:

show aaa server-group <server-group-name>

This will show you the list of servers that the profile is using for authentication and that should be where you can find your MAC address list.

Thanks.  That got me somewhere... bcould you elaborate a bit on "

This will show you the list of servers that the profile is using for authentication and that should be where you can find your MAC address list."  ?

thanks!!

Can you post the output of the show server-group command?

(aruba-hmd) #show aaa server-group default

Fail Through:No

Auth Servers
------------
Name      Server-Type  trim-FQDN  Match-Type  Match-Op  Match-Str
----      -----------  ---------  ----------  --------  ---------
Internal  Internal     No

Role/VLAN derivation rules
---------------------------
Priority  Attribute  Operation  Operand  Type  Action  Value  Validated
--------  ---------  ---------  -------  ----  ------  -----  ---------

(aruba-hmd) #

If you do a show aaa profile <profile name>, do you see a User Derivation rule list defined?

Mine is N/A like yours

Hm. Can you take the MAC of one of the connected scanners and post the output from:

show user <mac-address>

What is your "MAC Authentication Default Role" for the "abc-scanners-aaa" AAA profile? (show aaa profile abc-scanners-aaa)

Parameter                           Value
---------                           -----
Initial role                        denyall
MAC Authentication Profile          SCAN-Gun
MAC Authentication Default Role     scanners
MAC Authentication Server Group     default
802.1X Authentication Profile       N/A
802.1X Authentication Default Role  denyall
802.1X Authentication Server Group  N/A
RADIUS Accounting Server Group      N/A
XML API server                      N/A
RFC 3576 server                     N/A
User derivation rules               N/A
Wired to Wireless Roaming           Enabled
SIP authentication role             N/A

thanks for your help!

Can you run:

show local-userdb verbose

and blank the passwords out?