01-07-2014 07:15 PM
I have some problem with my aruba controller,
1. i want to reroute mac address client if client device has connecting to AP and AP will reroute to spesific vlan ( i will reserve mac address before), can i do this!
2. Can i create multiple Vlan at one SSID and chose primary vlan and secondary vlan!
Solved! Go to Solution.
01-07-2014 11:37 PM
1. Yes. Personally, I would do this with mac-auth and role derivation. I.e. Setup the mac addresses in the local controller db, with a specific role assignment. Then, in that role, specify the vlan you want. Then, enable mac-auth on the VAP. This should work unless your VAP setup already has more complex auth parameters like role derivation from 802.1x.
2. You can put more than 1 vlan into a VAP yes. Just assign more than 1 in that VAP profile. You can't really chose a "primary" and a "secondary" specifically without some kind of selection process in mind. I.e. what defines when the "primary" should be used, and what defines when the "secondary" should be used in your mind? If you have a criteria, again, derivation and vlan assignments somewhere should work.
01-08-2014 06:38 PM
Thanks for your reply
1. can you show me how to create mac_auth you mean.
i already setup :
A. Configuration >Security >Authentication > L2 Authentication > Add
B. and Configuration >Security >Authentication > Server > Internal db > add user ( typing mac address at column username and password), Role ( authenticated )
C. setup Configuration >Security >Authentication > AAA Profile > initial role (authenticated), mac auth (authenticated).
D. then choose AAA profile (setup before "C") to VAP
but i not found where setup vlan to mac address reserve, :D
2. Oh i c. thanks for ur explain.
01-10-2014 02:14 AM
Please see below configuration sample, i hope it will help you to apply mac base authentication
!! Create MAC Authentication Profile
!! Create Server Group and add server in it
!! Create AAA profile and add Server Group & MAC Authentication profile in it
!! create ssid profile
!! create vap and Assign AAA & ssid profile to VAP
!! create AP group and add VAP into it
aaa authentication mac "MAC-Athentication-Profile"
aaa server-group "MAC-Authentication-ServerGroup"
auth-server "Internal" position 1
aaa profile "MAC-Authentication-AAA-Profile"
wlan ssid-profile "MAC-Authentication-SSID-Profile"
wlan virtual-ap "MAC-Authentication-VAP-Profile"
ap system-profile "MAC-Authentication-APSystemProfile"
Syed Murad Ali
ACMP ACMA CCNA
01-10-2014 05:06 AM
Also, take a look at Aruba Solutions Exchange (valid support contract required).
This will allow you to build configurations step-by-step.