ArubaOS and Controllers

Occasional Contributor II

where is my mistake about user-derivation-rules?


I want to configurate the user-derivation-rules in the AC.
And realize these functions:

When the notebook-A with mac 11:11:11:11:11:11 connect to the SSID, it get the "denyall" role, others notebook get the inital-role "logon"

But when I use my notebook-A to connect to the ssid, I still get the logon role in my AC, where did I make the mistake ?

I don't want to control the notebook-A by mac-address Authentication, I just want to know how to use the derivation-rules.

Thanks very much!

======================This is my config==============================================

aaa derivation-rules user notebook-derivation-rules
set role condition mac-addr equals "11:11:11:11:11:11" set-value denyall

aaa profile "default"
inital-role logon
aaa derivation-rules user notebook-derivation-rules

user-role logon
captive-portal "test"
session-acl logon-control
session-acl captiveportal
session-acl vpnlogon
ipv6 session-acl v6-logon-control
user-role authenticated
session-acl allowall
ipv6 session-acl v6-allowall

aaa authentication captive-portal "test"
server-group "internal"

local-uesedb add username luojichen password 19880815
Guru Elite

Re: where is my mistake about user-derivation-rules?

1. Turn on user debugging;

config t
logging level debugging user-debug mac 11:11:11:11:11:11

2. Delete the user from the user table:

aaa user delete mac 11:11:11:11:11:11

3. Associate the user and observe the role

4. Paste in the logs here:

show log user-debug 50

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Search Airheads
Showing results for 
Search instead for 
Did you mean: