Contributor II

Aruba controller concept

Hi all,


I have a problem with the concept in "ArubaOS 6.4.x user guide". When i configure MAC-based authentication, use internal database. The role  in "Internal DB" they call it  "role for authenticated client"[1] ( page 242 )  and at "default-mac-auth" in "AAA profile" we have "MAC Authentication Default Role"[2]  and they call it "role for clients who have completed MAC authentication" (page 372). I really don't know the difference between [1] and [2]. 


Guru Elite

Re: Aruba controller concept

Duc Nguyen,


You have two choices:


(1) You can force all devices that mac authenticate successfully to have the "Mac Authentication Default role" that is configured in the mac authentication profile

(2) You can have all devices take the role that is configured next to the device in the internal database.


The Server Rules of your mac authentication server group determines this:



If you remove the server rule, you will have scenario 1, where the device is assigned the Mac Authentication default role.

If you keep the server rule, you will have scenario 2, where the device will b assigned the role configured next to the device in the internal database.  I hope this helps.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Contributor II

Re: Aruba controller concept

Hi cjoseph,


Thanks for your help!

Search Airheads
Showing results for 
Search instead for 
Did you mean: