You could setup either a radius or ldap server with the username and password as the mac address.
- Define that LDAP or Radius server in Aruba and add it to a server group.
- Create a mac address authentication profile to match the format you have in your database and that is how Aruba will send it.
- Add the server group you created in the first step to aaa profile
- Add the mac authentication profile to the same AAA profile
The Aruba controller will now send the mac address as a username and password to the Radius or LDAP server you defined, in the format you define. If the LDAP or radius server returns with a positive, the device will get the mac authentication role in the AAA profile.
If the mac address does NOT pass authentication, processing will stop and the device will not be able to connect. If you have layer 2 passthrough on, processing will continue. The only exception is if you are using an open SSID, and mac auth fails, the device will remain in the Initial Role of the AAA profile.
I hope that makes sense.