Wireless Access

Contributor I
Posts: 34
Registered: ‎12-05-2011

Server rule issue

Hi everyone:

I'm wondering how this rule functions. [screenshot]

If my AAA profile has a role A, and my internal database determines that user Z's role is B.

And my AAA profile uses this internal database.

Now it pretends this function: if I add this rule and my database has the user Z whose rule is B, if I pass the auth it gives me the role B, not the profile's role A.

Here is my question: what does this rule mean?

And what does the attribute represent?

Because I didn't find any option when I added this attribute. It's not a default option? I added this by hand.

No Pain No Gain~
Guru Elite
Posts: 21,489
Registered: ‎03-29-2007

Re: Server rule issue

That rule means to give a user whatever role he has in the internal database, instead of the default role in the AAA profile. If you remove that rule, he will have whatever the default role is for the method in the AAA profile.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 34
Registered: ‎12-05-2011

Re: Server rule issue

But the Role attribute is not in the default attributes.

It can't be chosen. I added it by hand. Can it work?

So if I add another attribute which is not in the default attributes, it can also work?

No Pain No Gain~
Guru Elite
Posts: 21,489
Registered: ‎03-29-2007

Re: Server rule issue

What kind of authentication are you using?


Colin Joseph
Aruba Customer Engineering

Contributor I
Posts: 34
Registered: ‎12-05-2011

Re: Server rule issue

Portal and MAC.

The client should pass the MAC auth first. If he can't, he has another chance to pass the auth by portal.

In my MAC auth, I use the server rule to let my client pass the auth and use its database's role.

And I find the role attribute is not in the default attributes. I added it by hand and it can work; this confused me the most. [screenshot]

No Pain No Gain~
Guru Elite
Posts: 21,489
Registered: ‎03-29-2007

Re: Server rule issue

Okay.  Here is how it should go:

In the AAA profile, if there is a mac authentication profile and a mac authentication server group, the device will attempt mac authentication (If either one is missing, mac authentication will not be performed).  For the device to pass mac authentication, the mac address must be in the local database in the proper format.

If the device passes mac authentication, he will be assigned the mac authentication default role, OR he will be assigned the role that his mac address is assigned to, if the "value-of" rule is in the mac authentication server group.

If the device does NOT pass mac authentication, it will remain in the "Initial Role" of the AAA profile.  If the initial role has the Captive Portal ACL, then whatever Captive Portal Authentication Profile is assigned to the Initial Role will be used.  The Captive Portal Authentication profile has a server group assigned, and that will determine what username and password database (server group) the user's username and password will be checked against.  If the user logs in successfully, he will be assigned the role in the internal database because of that "value-of" rule you have in the server group.

Colin Joseph
Aruba Customer Engineering
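
The role-assignment flow described in the answer above, modeled as a small Python function. This is an added example, not ArubaOS code or part of the original thread; the class and field names, the captive portal default role, and the sample database entries are constructed for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass
class ServerGroup:
    db: dict             # internal database: key -> {"password": str, "role": str}
    value_of_role: bool  # True when the group carries the "value-of" Role server rule

@dataclass
class AAAProfile:
    initial_role: str
    mac_default_role: str
    mac_profile: bool                    # a MAC authentication profile is attached
    mac_group: Optional[ServerGroup]     # MAC authentication server group
    portal_default_role: str             # assumed default role for portal logins
    portal_group: Optional[ServerGroup]  # None: initial role has no captive portal

def derived_role(entry, group, default_role):
    """Database role if the value-of rule is present, else the method's default."""
    if group.value_of_role and entry.get("role"):
        return entry["role"]
    return default_role

def assign_role(p, mac, username=None, password=None):
    # Step 1: MAC authentication runs only if both profile and server group exist.
    if p.mac_profile and p.mac_group is not None:
        entry = p.mac_group.db.get(mac)
        if entry is not None:
            return derived_role(entry, p.mac_group, p.mac_default_role)
    # Step 2: MAC auth failed or was skipped, so the client stays in the initial role.
    if p.portal_group is None or username is None or password is None:
        return p.initial_role
    # Step 3: captive portal login is checked against the portal's server group.
    entry = p.portal_group.db.get(username)
    if entry and hmac.compare_digest(entry["password"].encode(), password.encode()):
        return derived_role(entry, p.portal_group, p.portal_default_role)
    return p.initial_role

# Constructed sample data: one internal database shared by both server groups.
INTERNAL_DB = {
    "00:11:22:33:44:55": {"password": "00:11:22:33:44:55", "role": "B"},
    "userZ": {"password": "example-pass", "role": "B"},
}
WITH_RULE = ServerGroup(INTERNAL_DB, value_of_role=True)
NO_RULE = ServerGroup(INTERNAL_DB, value_of_role=False)
PROFILE = AAAProfile("logon", "A", True, WITH_RULE, "guest", WITH_RULE)
```

With the rule present, any role name stored in the database is what the client receives, so the database entries decide access rather than the profile defaults.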