Wireless Water Cooler

Reply
New Contributor
Posts: 3
Registered: ‎09-17-2014

How do I add a user rule via the cli?

Hello,

 

I am new to all things Aruba. What I'm trying to do is add a user rule via the command line. I just don't know what the command is. I took a look at the manual, but I might not be looking for the right keywords as I couldn't find it. Aruba OS is version 6.3.1.8. If I didn't post this in the right forum, please move it or alert me and I'll repost in the appropriate section.

 

Thanks in advance.

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: How do I add a user rule via the cli?

What exactly are you trying to create?  This chaper on Roles and Policies should help get you started.  You'll need the PEFNG license for it to work.

 

http://www.arubanetworks.com/techdocs/ArubaOS%206_3_1_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/Firewall_Roles/Firewall_Roles.htm

 

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

New Contributor
Posts: 3
Registered: ‎09-17-2014

Re: How do I add a user rule via the cli?

Thanks for the reply. Basically, I am creating a web form where users can register their wireless devices with the Aruba controller. So I want to write a script to SSH into the controller and run the command to add a user rule.

New Contributor
Posts: 3
Registered: ‎09-17-2014

Re: How do I add a user rule via the cli?

Also, I'm looking to add a user rule not a user role.

Guru Elite
Posts: 8,458
Registered: ‎09-08-2010

Re: How do I add a user rule via the cli?

[ Edited ]
(config) #aaa derivation-rules user <udr-ruleset-name>

 set role:

(user-rule) #set role condition <bssid,dhcp-option,dhcp-option-77,encryption-type,essid,location,macaddr> <contains,ends-with,equals,not-equals,starts-with> <value> set-value <role-name>

 

set vlan:

(user-rule) #set vlan condition <bssid,dhcp-option,dhcp-option-77,encryption-type,essid,location,macaddr> <contains,ends-with,equals,not-equals,starts-with> <value> set-value <vlan>

 

 

Keep in mind that this was not designed to be a registration-type feature. It was designed to take groups of devices that share common properties and assign a role (for example, the DHCP fingerprint of game consoles, or the MAC prefix of a VoIP phone). You may run into scalability issues.

 

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: