Hi all,
first of all, I am all new to the aruba stuff as for the last couple of years I was a wireless engineer at a cisco-only partner. So there might be 1 - 3 things I am still missing but heres is what i want to do:
We have 17 IAPs (Mgmt network: 192.168.2.0/24) broadcasting 3 SSIDs at two locations
- Company-Guests - Captive Portal
- Company-Location1 (broadcasted only at Location 1...) - PSK
- Company-Location2 (broadcasted only at Location 2...) - PSK
Also we have two kinds of clients for the location SSIDs
- Tablets - restrict internet access
- everything else - no restrictions
What i want to implement is that when a client connects to the SSID the default role restricts the access to local resources (192.168.1.0/24) and only clients that are allowed (as there is not much fluctuation we thought we add their MACs manually to the internal server) are allowed to access everything.
Tried to edit the default role and configured "Deny any except to a network" - devices cant connect anymore
Tried to configure a "Role assignment rule" with several attributes that could reference the internal users but unfortunately this does not work the same way as the MAC-Authentication. Right?
Code: 6.4.4.8
I know that is not the best way to do this but as the customer wants to keep the PSK the same but on the other hand shared it quite alot...
Thanks for any response and idea in advance!