Wireless Access

Reply
Occasional Contributor I
Posts: 6
Registered: ‎03-26-2013

HOW TO ASSIGN MAC ADDRESS TO REROUTE VLAN AT CONTROLLER

Hi,

 

I have some problem with my aruba controller,

1. i want to reroute mac address client if client device has connecting to AP and AP will reroute to spesific vlan ( i will reserve mac address before), can i do this!

2. Can i create multiple Vlan at one SSID and chose primary vlan and secondary vlan!

 

 

Thanks Before

 

 

MVP
Posts: 562
Registered: ‎11-28-2011

Re: HOW TO ASSIGN MAC ADDRESS TO REROUTE VLAN AT CONTROLLER

1. Yes. Personally, I would do this with mac-auth and role derivation. I.e. Setup the mac addresses in the local controller db, with a specific role assignment. Then, in that role, specify the vlan you want. Then, enable mac-auth on the VAP. This should work unless your VAP setup already has more complex auth parameters like role derivation from 802.1x.

 

2. You can put more than 1 vlan into a VAP yes. Just assign more than 1 in that VAP profile. You can't really chose a "primary" and a "secondary" specifically without some kind of selection process in mind. I.e. what defines when the "primary" should be used, and what defines when the "secondary" should be used in your mind? If you have a criteria, again, derivation and vlan assignments somewhere should work.

Kudos appreciated, but I'm not hunting! (ACMX 104)
Occasional Contributor I
Posts: 6
Registered: ‎03-26-2013

Re: HOW TO ASSIGN MAC ADDRESS TO REROUTE VLAN AT CONTROLLER

Thanks for your reply

 

1. can you show me how to create mac_auth you mean.

    i already setup :

    A.  Configuration >Security >Authentication > L2 Authentication > Add

    B. and Configuration >Security >Authentication > Server > Internal db > add user ( typing mac address at column username and password), Role ( authenticated )

    C. setup  Configuration >Security >Authentication > AAA Profile > initial role (authenticated), mac auth (authenticated).

    D. then choose  AAA profile (setup before "C") to VAP

  but i not found where setup vlan to mac address reserve, :D

 

2.  Oh i c. thanks for ur explain.

Super Contributor II
Posts: 354
Registered: ‎09-26-2012

Re: HOW TO ASSIGN MAC ADDRESS TO REROUTE VLAN AT CONTROLLER

Please see below configuration sample, i hope it will help you to apply mac base authentication

 

!! Create MAC Authentication Profile
!! Create Server Group and add server in it
!! Create AAA profile and add Server Group & MAC Authentication profile in it
!! create ssid profile
!! create  vap and Assign AAA & ssid profile to VAP
!! create AP group and add VAP into it



aaa authentication mac "MAC-Athentication-Profile"
  delimiter colon
  max-authentication-failures 0

aaa server-group "MAC-Authentication-ServerGroup"
  auth-server "Internal" position 1

aaa profile "MAC-Authentication-AAA-Profile"
  mac-default-role authenticated
  initial-role logon
  mac-server-group "MAC-Authentication-ServerGroup"
  authentication-mac "MAC-Athentication-Profile"
  authentication-dot1x "default"

wlan ssid-profile "MAC-Authentication-SSID-Profile"
  essid MAC-Authentication
  wpa-passphrase murad123
  opmode wpa2-psk-aes

wlan virtual-ap "MAC-Authentication-VAP-Profile"
  vlan 1
  aaa-profile "MAC-Authentication-AAA-Profile"
  ssid-profile "MAC-Authentication-SSID-Profile"

ap system-profile "MAC-Authentication-APSystemProfile"

ap-group "AP-Group"
  virtual-ap "MAC-Authentication-VAP-Profile"

Thanks & Regards
Syed Murad Ali
ACMP ACMA CCNA
Guru Elite
Posts: 8,322
Registered: ‎09-08-2010

Re: HOW TO ASSIGN MAC ADDRESS TO REROUTE VLAN AT CONTROLLER

Also, take a look at Aruba Solutions Exchange (valid support contract required).

 

https://ase.arubanetworks.com/solution/name/generic_ssid_non_snippet/

 

This will allow you to build configurations step-by-step.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: