Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Wildcard for username in local mac auth

This thread has been viewed 3 times

  • 1.  Wildcard for username in local mac auth

    Posted May 28, 2014 12:59 PM

    I have a customer that I am deploying Aruba switches in tunneled-node to the controllers and Clearpass for user/machine auth.  They also have Cisco phones.  I have CP doing mac auth for the phones by the first 6 of the mac and dot1x for the user.  However the customer doesnt care to see the phone mac request in access tracker.  The phone vlan is locked down.  So I thought I would do a AAA profile on the controller for the wired side with a server group that had the internal database ( for mac auth of the phones ) then fail through to the CP servers.  I have this setup but havent been back on site to test.  If this works than this will solve the problem with the phones mac authing to access tracker.  But that means we will have to add all mac addresses to the internal database of the controller.  Is there a way to do mac auth wildcard based access in the internal database so we dont have to add mac addresses to the internal DB?



  • 2.  RE: Wildcard for username in local mac auth

    EMPLOYEE
    Posted May 28, 2014 02:31 PM

    Josh,

    You can use a user-derivation rule to wildcard the phone MAC addresses instead of using the internal user database however since the AAA-Profile has to also accomodate legitimate user/machine auth, you will still get see the MAC Auth from the phone as it will hit the same policy. Perhaps I'm confused on the setup.


    Best regards,

     

    Madani