Security

Reply
Occasional Contributor I

Trying to add a MAC for a handheld scanner

Hi all.  New to the Aruba world and like it!  I've got version sprawl... working on getting all my controllers around the world on consistent version.  Anyway I have a plant that uses handheld scanners.  I need to add 2 MACs for 2 new scanners.  Under Monitoring -> Clients I see the list of 10 scanners plus all the other laptops etc.  Their name is their MAC addy, have an IPv4 IP, are in "scanners" User Role, using MAC authentication.  I cannot for the life of me find where to add the new MACs. 

 

I thought it would be under Configuration -> Security -> Authentication -> Internal DB, but only see some legacy laptops there. 

 

BTW the controller version is 5.0.3.0.  Again planning on upgrading all my controllers to 6.3 once it is out.

 

Thanks !

 

-Reset_Smith0100010101001010110010100101101001010101

Guru Elite

Re: Trying to add a MAC for a handheld scanner

If you do a show user-table then find the authentication profile, you can issue the command:

 

show aaa profile <profile-name>

 

This will tell you the server group. Once you have the server group name, issue the following:

 

show aaa server-group <server-group-name>

 

This will show you the list of servers that the profile is using for authentication and that should be where you can find your MAC address list.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Trying to add a MAC for a handheld scanner

Thanks.  That got me somewhere... bcould you elaborate a bit on "

 

This will show you the list of servers that the profile is using for authentication and that should be where you can find your MAC address list."  ?

 

thanks!!

Guru Elite

Re: Trying to add a MAC for a handheld scanner

Can you post the output of the show server-group command?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Trying to add a MAC for a handheld scanner


(aruba-hmd) #show aaa server-group default

Fail Through:No

Auth Servers
------------
Name      Server-Type  trim-FQDN  Match-Type  Match-Op  Match-Str
----      -----------  ---------  ----------  --------  ---------
Internal  Internal     No

Role/VLAN derivation rules
---------------------------
Priority  Attribute  Operation  Operand  Type  Action  Value  Validated
--------  ---------  ---------  -------  ----  ------  -----  ---------

(aruba-hmd) #

Guru Elite

Re: Trying to add a MAC for a handheld scanner

If you do a show aaa profile <profile name>, do you see a User Derivation rule list defined?

 

aaaprof-udr.png


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Trying to add a MAC for a handheld scanner

Mine is N/A like yours

Guru Elite

Re: Trying to add a MAC for a handheld scanner

Hm. Can you take the MAC of one of the connected scanners and post the output from:

 

show user <mac-address>


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Trying to add a MAC for a handheld scanner

 
Guru Elite

Re: Trying to add a MAC for a handheld scanner

What is your "MAC Authentication Default Role" for the "abc-scanners-aaa" AAA profile? (show aaa profile abc-scanners-aaa)


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: