How do I use the user derivation rule to set the role using a MAC OUI?
Question: How do I use the user derivation rule to set the role using a MAC OUI?
Product and Software: This article applies to all Aruba controllers and ArubaOS 5.0.
The Aruba user's role is assigned to a station and contains access control lists that control the user's access to network resources. The role can be assigned to the station in many different ways. The following steps explain the assignment based on a MAC OUI. This assignment method is common with devices such as handhelds and phones that do not support more advanced authentication methods, such as, 802.1x and captive portal.
To assign the role with specific organizationally unique identifier (OUI), follow these steps:
1) Log in to the controller using SSH and enter the configuration mode.
2) Create the user derivation rule.
aaa derivation-rules user <rule name>
set role condition macaddr starts-with <MAC OUI 1> set-value <role name>
set role condition macaddr starts-with <MAC OUI 2> set-value <role name>
3) Assign the rule to the AAA profile.
aaa profile <profile name>
user-derivation-rules <rule name>
4) Exit and save the configuration.
The "aaa profile" can then be bound to the "wlan virtual-ap" to assign roles for wireless users or the "ap wired-port-profile" profile to control the access for wired devices.