I am attempting to set up a new SSID with MAC auth against the controller's internal database, as there will only be a handful of devices allowed on this SSID. I have the WLAN set up on the controller, as well as a MAC auth profile, and a new user profile to be given to these users upon authentication. The issue I am running into is that the internal database can only be added to at the MM level, but the new role I created is at the managed network level, so I am not able to select that role as the one to be given to the users in the internal db.
Hopefully this makes sense, and I am just missing something really minor here that's preventing me from completing this.
Thanks in advance
If your users will only have one role upon successful mac auth, you can just change the default mac authentication role to that role in the AAA profile.
Thanks for the reply. I actually did do that. The issue is that I am trying to give the users a MAC auth role of "guest-printing", which I created on the controller level. The internal db, however, can only have users added to it at the MM level, where that new role I created doesn't exist, so the users in the db get handed the role of "guest".
Hopefully I am explaining this well enough.
I think I understand.
Create a new server group and then put the internal database in it. Make that new server group your mac authentication server group in the AAA profile.
What is happening to you is that the default and internal server groups have this rule:
role value-of String set role
Which means, when users authenticate to that server group, return the role of the user in the internal database, which at the highest level will default to guest when you add users in the local database. If you authenticate to your new server group, there will be no rule requiring that the role of the user be returned, which means the users who mac authenticate should then take the default mac authentication role.
I hope that makes sense and works for you.
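The server-group change described in the reply above, written out as ArubaOS CLI configuration. This is an added example, not part of the original thread; the server group name mac-internal-norole and the AAA profile name guest-printing-aaa are hypothetical, while guest-printing is the role named in the thread.

```text
! Hypothetical names: mac-internal-norole, guest-printing-aaa.
! New server group containing only the internal database.
! Unlike the default/internal groups, it carries no
! "set role condition role value-of" rule, so the role stored
! with the user entry is not returned to the AAA profile.
aaa server-group "mac-internal-norole"
    auth-server Internal
!
! AAA profile attached to the SSID: MAC auth is checked against
! the new group, and clients that pass receive the default MAC
! authentication role instead of the role in the internal db.
aaa profile "guest-printing-aaa"
    mac-server-group "mac-internal-norole"
    mac-default-role "guest-printing"
!
```

After a client authenticates, its entry in the user table should show guest-printing rather than guest, even though show local-userdb still lists the entry with the guest role.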
It seems like a GUI issue to me.
You can add the MAC address via CLI on MM.
(MM) [mm] #local-userdb add username 112233aabbcc password 112233aabbcc role guest-printing
You can add it, but type "show local-userdb" to see what role it gets. It will not add a role that is not available at that context. It will revert to guest.