Wireless Access

last person joined: 6 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Authentication server rules

Jump to Best Answer
  • 1.  Authentication server rules

    Posted Nov 20, 2019 01:58 PM

    we use server rules that flow from a NAC server for authentication. the rules look like this 

    filter-id equals aruba:version=1:policy=computer string set role computer 


    my question is : if the set role value "computer" is not a role available in the Aruba mobility master  what is the default role? would it be guest? 


    thank you 

  • 2.  RE: Authentication server rules
    Best Answer

    Posted Nov 21, 2019 04:11 AM

    If a role does not exist on a controller (or responding section in the MM device tree), for 802.1X authentication the 802.1X default role is applied, similar for MAC auth, and if no authentication happens (or auth fails and authentication fail-through is enabled) the initial role is applied. Each of these can be configured in the AAA profile:

    Screen Shot 2019-11-21 at 10.07.07.png

    Recommended is to return a role (or derive, as you do) during the authentication.