Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Aruba controller concept

  • 1.  Aruba controller concept

    Posted May 27, 2015 03:56 AM

    Hi all,

     

    I have a problem with a concept in the "ArubaOS 6.4.x user guide". When I configure MAC-based authentication using the internal database, the role in "Internal DB" is called "role for authenticated client" [1] (page 242), and at "default-mac-auth" in "AAA profile" we have "MAC Authentication Default Role" [2], which they call "role for clients who have completed MAC authentication" (page 372). I really don't know the difference between [1] and [2].




  • 2.  RE: Aruba controller concept
    Best Answer

    EMPLOYEE
    Posted May 27, 2015 06:24 AM

    Duc Nguyen,

     

    You have two choices:

     

    (1) You can force all devices that mac authenticate successfully to have the "Mac Authentication Default role" that is configured in the mac authentication profile

    (2) You can have all devices take the role that is configured next to the device in the internal database.

     

    The Server Rules of your mac authentication server group determine this:

    role-derivation.png

     

    If you remove the server rule, you will have scenario 1, where the device is assigned the Mac Authentication default role.

    If you keep the server rule, you will have scenario 2, where the device will be assigned the role configured next to the device in the internal database.  I hope this helps.
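
The two scenarios from the answer above, written out as ArubaOS 6.4-style CLI. This is an added example, not part of the original thread: the profile names, server-group names, role names and MAC address are constructed, and both roles are assumed to already exist as user-roles on the controller.

```text
! Constructed example values throughout (names, roles, MAC address).

! Internal database entry (enable-mode command): the role stored next to
! the device. With default MAC profile settings the username and password
! are the MAC address in lower case with no delimiter.
local-userdb add username 001122aabbcc password 001122aabbcc role printer-role

! Scenario 2: the server group keeps the server rule, so the Role attribute
! returned by the internal database ("printer-role") is assigned.
aaa server-group "macauth-db-role"
 auth-server Internal
 set role condition Role value-of
!
! Scenario 1: same server but no server rule, so every device that passes
! MAC authentication receives the MAC Authentication Default Role.
aaa server-group "macauth-default-role"
 auth-server Internal
!
aaa authentication mac "macauth-example"
!
! The AAA profile selects the scenario through the server group it points to.
! Point mac-server-group at "macauth-default-role" to get scenario 1.
aaa profile "macauth-aaa"
 authentication-mac "macauth-example"
 mac-default-role "mac-authenticated"
 mac-server-group "macauth-db-role"
!
```

In scenario 2 the per-device role from the internal database takes effect, so the MAC Authentication Default Role is only what a device gets when no server rule derives a role for it.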

     



  • 3.  RE: Aruba controller concept

    Posted May 27, 2015 11:45 PM

    Hi cjoseph,

     

    Thanks for your help!