Wireless Access

last person joined: 18 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Authentication server rules

This thread has been viewed 0 times

  • 1.  Authentication server rules

    Posted Nov 20, 2019 01:58 PM

    we use server rules that flow from a NAC server for authentication. the rules look like this 

    filter-id equals aruba:version=1:policy=computer string set role computer 

     

    my question is : if the set role value "computer" is not a role available in the Aruba mobility master  what is the default role? would it be guest? 

     

    thank you 



  • 2.  RE: Authentication server rules
    Best Answer

    EMPLOYEE
    Posted Nov 21, 2019 04:11 AM

    If a role does not exist on a controller (or responding section in the MM device tree), for 802.1X authentication the 802.1X default role is applied, similar for MAC auth, and if no authentication happens (or auth fails and authentication fail-through is enabled) the initial role is applied. Each of these can be configured in the AAA profile:

    Screen Shot 2019-11-21 at 10.07.07.png

    Recommended is to return a role (or derive, as you do) during the authentication.