Security

Reply
Occasional Contributor I

Trying to add a MAC for a handheld scanner

Hi all.  New to the Aruba world and like it!  I've got version sprawl... working on getting all my controllers around the world on consistent version.  Anyway I have a plant that uses handheld scanners.  I need to add 2 MACs for 2 new scanners.  Under Monitoring -> Clients I see the list of 10 scanners plus all the other laptops etc.  Their name is their MAC addy, have an IPv4 IP, are in "scanners" User Role, using MAC authentication.  I cannot for the life of me find where to add the new MACs. 

 

I thought it would be under Configuration -> Security -> Authentication -> Internal DB, but only see some legacy laptops there. 

 

BTW the controller version is 5.0.3.0.  Again planning on upgrading all my controllers to 6.3 once it is out.

 

Thanks !

 

-Reset_Smith0100010101001010110010100101101001010101

Guru Elite

Re: Trying to add a MAC for a handheld scanner

If you do a show user-table then find the authentication profile, you can issue the command:

 

show aaa profile <profile-name>

 

This will tell you the server group. Once you have the server group name, issue the following:

 

show aaa server-group <server-group-name>

 

This will show you the list of servers that the profile is using for authentication and that should be where you can find your MAC address list.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor I

Re: Trying to add a MAC for a handheld scanner

Thanks.  That got me somewhere... bcould you elaborate a bit on "

 

This will show you the list of servers that the profile is using for authentication and that should be where you can find your MAC address list."  ?

 

thanks!!

Guru Elite

Re: Trying to add a MAC for a handheld scanner

Can you post the output of the show server-group command?


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor I

Re: Trying to add a MAC for a handheld scanner


(aruba-hmd) #show aaa server-group default

Fail Through:No

Auth Servers
------------
Name      Server-Type  trim-FQDN  Match-Type  Match-Op  Match-Str
----      -----------  ---------  ----------  --------  ---------
Internal  Internal     No

Role/VLAN derivation rules
---------------------------
Priority  Attribute  Operation  Operand  Type  Action  Value  Validated
--------  ---------  ---------  -------  ----  ------  -----  ---------

(aruba-hmd) #

Guru Elite

Re: Trying to add a MAC for a handheld scanner

If you do a show aaa profile <profile name>, do you see a User Derivation rule list defined?

 

aaaprof-udr.png


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor I

Re: Trying to add a MAC for a handheld scanner

Mine is N/A like yours

Guru Elite

Re: Trying to add a MAC for a handheld scanner

Hm. Can you take the MAC of one of the connected scanners and post the output from:

 

show user <mac-address>


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor I

Re: Trying to add a MAC for a handheld scanner

 
Guru Elite

Re: Trying to add a MAC for a handheld scanner

What is your "MAC Authentication Default Role" for the "abc-scanners-aaa" AAA profile? (show aaa profile abc-scanners-aaa)


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: