Contributor I

Mac Based Auth

I am using ArubaOS

I have a wpa2 SSID with radius auth to AD.

I have a small area in my coverage zone that I want to have about 10 ipads be able to access a certain web site on our network and no one else on the SSID. the Ipads login with a generic ID so I cant do it based on roles.


Whats the best way to aproach this mac auth and create a new set of roles with this site included? new SSID?


TIA for any help





Aruba Employee

Re: Mac Based Auth

if u want to do dot1x and also mac based role change, you can use UDR (userderivation rules). Or if you are creating new SSID for the IPADs you can do the Mac authentication.

Vinod Kumaar AVM ACMX, ACDX
Principal Network Engineer
Customer Advocacy | Aruba Networks Inc.

Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the bottom right hand corner of the post.
Contributor I

Re: Mac Based Auth

Where is your URL filtering done? Controller or firewall? Without knoledge, I can see a few methods - 


1. You can create a login/password for those particular ipads and drop them into a different role. The problem is if that username/password is distributed.


2. As Vinod mentioned, you can do a mac-address bypass mode and set the role to "authenticated" or to another user-role based on the mac auth. Watch out because once folks get word of this, it may become an admin nightmare.


3. Create another role and use user-based derivation to drop them into a different role. Again, if the info gets out, users will connect to this SSID to gain access so another form of auth such as mac address bypass or info passed from your RADIUS server may be required. 



Search Airheads
Showing results for 
Search instead for 
Did you mean: