I'm trying to set up a ClearPass mac-auth service for all our Aruba APs. Theory is that I build up a list of appropriate mac address prefixes and use them to generate the appropriate enforcement policy to drop them into the right vlan.
What I've done is
1). Create a number of regex static host lists, e.g.
Name "Aruba AP225"
Host format Regular Expressions
Host Type mac address
RegEx - ^18-64-72-2[0-9A-F]-2[0-9A-F]-2[0-9A-F]$
so in theory all mac addresses starting with 18-64-72 are defined as being AP225s
2). Create an authentication source
Name Aruba AP list
Type Static Host List
Mac address host list - ArubaAP 225,ArubaAP 275,ArubaAP 125......
3). Create service
Name UoY Aruba AP authentication
Service Rule
All of following
radius:ietf nas-port-type = Ethernet
radius:ietf Service-Type = Call-Check
Authentication Source Belongs_to "Aruba AP List"
An auth from an AP 225 mac address doesn't pick up this service, it drops down into the generic mac-auth service defined later on. If I remove the Auth:source... service rule and replace it with one saying radius:ietf User-Name Starts-With ...... then the service is picked up just fine.
Don't really want to have to specify all the mac prefixes in order to select this service, what am I doing wrong?
Rgds
Alex
#AP225
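
Added example, not part of the original post: it runs the "Aruba AP225" host-list regex quoted above against constructed MAC addresses to show which addresses under 18-64-72 that pattern accepts. The prefix-only pattern, the `normalize` helper and the sample MACs are assumptions for illustration, and Python's `re` stands in for ClearPass's own matcher.

```python
import re

# Regex exactly as quoted in the post's "Aruba AP225" static host list.
POSTED = r"^18-64-72-2[0-9A-F]-2[0-9A-F]-2[0-9A-F]$"
# Hypothetical alternative (not from the post): any address under 18-64-72.
PREFIX_ONLY = r"^18-64-72(-[0-9A-F]{2}){3}$"

def normalize(mac):
    """Return the MAC as upper-case hyphen-separated octets, or None if malformed."""
    digits = re.sub(r"[-:.]", "", mac.strip()).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        return None
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def classify(pattern, macs):
    """Map each input MAC to True/False: does the pattern match its normalized form?"""
    rx = re.compile(pattern)
    result = {}
    for mac in macs:
        norm = normalize(mac)
        result[mac] = bool(norm and rx.match(norm))
    return result

# Constructed sample addresses, not taken from any real device.
SAMPLES = [
    "18-64-72-2A-2B-2C",   # every trailing octet starts with 2
    "18-64-72-20-20-20",   # same shape, lowest values
    "18:64:72:c1:0f:9e",   # same prefix, colon-separated, lower case
    "186472253a2f",        # same prefix, no delimiters
    "00-0B-86-2A-2B-2C",   # different prefix
    "18-64-72-2A-2B",      # malformed: only five octets
]

if __name__ == "__main__":
    posted = classify(POSTED, SAMPLES)
    prefix = classify(PREFIX_ONLY, SAMPLES)
    print(f"{'MAC':<20}{'posted':<8}{'prefix-only'}")
    for mac in SAMPLES:
        print(f"{mac:<20}{str(posted[mac]):<8}{prefix[mac]}")
```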