Wireless Access

Wondered what was the best practice to have a Single Guest Wireless SSID to handle most guest users via Captive Portal but some guest users to be handled by MAC Address.  The same controller does handle an Employee Wireless SSID using 802.1x authentication.  Looking mostly to handle vendors that are at our location for months and only need internet access to not have to authenticate daily via Captive Portal but for everyone else that is just passing through to authenticate via Captive Portal.  Currently running Aruba OS 6.4.2.4.

I had initially thought of using MAC Authentication which would give me the option to expire the MAC address after awhile but of course that requires a bit of setup.  I did see mention of using a UDR to set the role based on MAC but wondered if that would only be leveraged for the Guest SSID or would that be leveraged for both the Guest SSID and Eployee SSID?  I assume the UDR would require manual removal and couldn't have a set expiration date?

The UDR would require no setup beyond writing the UDR and adding it to the AAA profile.  You would have to remove the UDR rule manually when they are done.  That is the simplest way to add and remove it.  If your AAA profile is only applied to your Guest SSID/VAP , the UDR would only be applied to that SSID.

That certainly sounds like a quick and easy setup had missed the part of how it was linked to the captive poral so that clears up my understanding of things. 

One question are there any plans in future releases to provide a method to expire the rule in an automated fashion?