Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Dual Authentication

  • 1.  Dual Authentication

    Posted Nov 09, 2018 05:04 PM

    At my workplace, we are migrating from HP MSM760 controller and system to an Aruba MM and MD-7030 setup.

     

    My question today: How would Aruba suggest authenticating hand-held devices and printers automatically to a specific WLAN?  With the HP MSM760 system we used:

     

    - Pre-Shared Key along with

    - MAC Address list (to allow)

     

    See attached screen shot.  We were informed in a previous thread that we should create a username in the controller's database instead. 

     

     https://community.arubanetworks.com/t5/Wireless-Access/How-to-authenticate-devices-to-use-a-WLAN-by-MAC-Address/td-p/480382

     

    But in our case we are trying to authenticate devices not people.  The printer or scanner is not going to enter a username on a web portal.  So my question is how can we use Aruba 8.3.0.3 to automatically authenticate a device to a specific SSID (WLAN) securely?




  • 2.  RE: Dual Authentication

    Posted Nov 09, 2018 05:14 PM

    Are we supposed to add specific users manually to each device?  What if there is no automatic "remember my password" setting on a printer?

     

    What if the device is prompted by the SSID to enter a password?  Is there another more automatic way?

     

    In the previous case it was recommended not to use MAC addresses.  May I ask what else we can use instead for this scenario?



  • 3.  RE: Dual Authentication
    Best Answer

    EMPLOYEE
    Posted Nov 09, 2018 05:26 PM

    The devices connect with a preshared key.  In addition, the controller will do mac authentication of those devices.  The format to enter into the internal database to allow a device to connect via mac authentication is 

    username: mac address

    password: mac address

     

    That is because the internal database was really for guests, so you must enter a username and password, but for mac authentication, the controller will obtain the mac address of the device that tries to connect to the WPA2-PSK SSID and then compare it to the username/password in the internal database.

     

    The printers or devices do not see a password prompt.  Entering the mac addresses in the database is only so that mac authentication can succeed.

     

    I hope that helps.

     



  • 4.  RE: Dual Authentication

    Posted Nov 11, 2018 08:25 PM

    Ok,

     

    So if one creates:

     

    1.  A user account in the Aruba Controller internal database

            a.  MAC address for the username and the password for that user account.

     

    2.  And a MAC Authentication profile to be used with that specific SSID.

     

    Reference: https://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-configure-MAC-based-authentication-on-Aruba/ta-p/182430

     

    Then the SSID will automatically accept the MAC address of the printer device as if it was a "MAC Address List".  Is that correct? 

     

    If it is correct, will we need to create a user account on each local controller (2 of them at each location)?  The majority of my confusion has to do with how the Aruba Wireless Network will recognize the user accounts (MAC Addresses).  But it is starting to make more sense if we segment the process 1 step at a time.  Are the above 2 steps correct?

     



  • 5.  RE: Dual Authentication
    Best Answer

    EMPLOYEE
    Posted Nov 11, 2018 09:07 PM

    "Then the SSID will automatically accept the MAC address of the printer device as if it was a "MAC Address List".  Is that correct? "  YES.

     

    If it is correct will we need to create a user account on each local controller (2 of them at each location) - NO. The database is synchronized to each controller.

     

     



  • 6.  RE: Dual Authentication

    Posted Nov 11, 2018 09:42 PM

    Ok, so.... I am starting to understand the requirements better.  Please confirm the below steps in order to authenticate via MAC address.


    1.  Create a MAC Auth profile.
         a.  Step A. from:  https://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-configure-MAC-based-authentication-on-Aruba/ta-p/182430

     

    2.  Create the local username that will actually be used as a
        MAC address (not a username per se).  Step b.
        a.  * Using the CLI
        >local-userdb add username <macaddr> password <macaddr><enter>
        b.  Is it correct, if one adds a user account at 1 controller (internal database) then the same account will be replicated to the other local controller?
      
    3.  Then map the MAC Authentication profile (created in step 1) into the respective AAA profile (Step C).
        a.  Create a new aaa profile
        >aaa profile <profile name><enter>
        >authentication-mac <profile name from step1 above><Enter>
      
    Will the above plan provide the options to authenticate from a passphrase & MAC Authentication?  Or just from the MAC Authentication?
     
    In our case we have 2 x Mobility Masters and then 4 different geographical sites (groups) where there are 2 local controllers at each site/group.
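
Added example (not from any poster in this thread and not Aruba's own tooling): a Python helper that turns a device inventory into the `local-userdb add` commands quoted in post 6, with username and password both set to the MAC as described in post 3. The `delimiter` and `case` parameters are assumptions that must match the format the MAC authentication profile is set to use, and the inventory is constructed sample data.

```python
import re

# Constructed sample inventory (not from the thread): MACs as copied from device labels.
SAMPLE_INVENTORY = """\
00:1A:2B:3C:4D:5E   # label printer, dock 1
001a.2b3c.4d5f      # handheld scanner
00-1A-2B-3C-4D-5E   # duplicate of the first entry
01:00:5E:00:00:FB   # multicast address, not a device
00:1A:2B:3C:4D      # truncated
"""

# Assumption: separator names chosen for this example; match them to the profile.
SEPARATORS = {"none": "", "colon": ":", "dash": "-"}


def normalize_mac(raw, delimiter="none", case="lower"):
    """Return the MAC in one canonical form, or raise ValueError."""
    digits = re.sub(r"[\s:.\-]", "", raw)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError("not a 48-bit MAC address")
    if int(digits[:2], 16) & 0x01:
        raise ValueError("group (multicast/broadcast) address")
    digits = digits.upper() if case == "upper" else digits.lower()
    return SEPARATORS[delimiter].join(digits[i:i + 2] for i in range(0, 12, 2))


def build_userdb_commands(inventory, delimiter="none", case="lower"):
    """Return (commands, rejected) for a text inventory, one MAC per line."""
    commands, rejected, seen = [], [], set()
    for lineno, line in enumerate(inventory.splitlines(), start=1):
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            mac = normalize_mac(entry, delimiter, case)
        except ValueError as exc:
            rejected.append((lineno, entry, str(exc)))
            continue
        if mac in seen:
            rejected.append((lineno, entry, "duplicate"))
            continue
        seen.add(mac)
        # Username and password are both the MAC, as described in the thread.
        commands.append(f"local-userdb add username {mac} password {mac}")
    return commands, rejected


if __name__ == "__main__":
    cmds, bad = build_userdb_commands(SAMPLE_INVENTORY)
    print("\n".join(cmds))
    for lineno, entry, reason in bad:
        print(f"# skipped line {lineno}: {entry!r} ({reason})")
```

Review the rejected list before pasting the commands, since a mistyped or duplicated address in the database silently allows or blocks the wrong device.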