Wireless Access

Hi All,

 

i have a new setup with one Virtual Mobility Master and two Controller 7210 (in a Cluster) with Version 8.5.0.4

We have a Guest-SSID with MAC-Authentication and Captive-Portal. We use User derivation rules where all Client - MAC -Adresses are in. So if the user is in this Rule, the Client can connect without authentication. If the MAC - Adress is not in this list, the client get the Captive-Portal.

4 Month ago i copied this MAC-Adress-List from our old environment (Version 6.5.x.x) to the new setup.

All was working fine in the new setup.

Now i moved some of our Buildings to the new Controller-setup and the old clients are still can connect to the Guest-SSID without authentication. But if i add some new MAC-Adresses to this list, they will get everytime the Portal-Page to authenticate.

My Laptop was also in this list and worked fine. I removed the MAC of my laptop from the list and add it again. Now i get also everytime the Portal-Page.

I searched already here in the Forum and also read some documentation, but nothing helps.

Do you have any hint for me?

 

thanks a lot.

 

Markus

 

Are you adding those  mac addresses at the same level in the hierarchy where the other mac addresses were added?

yes, i did.

i tried also to add them on different levels in the hierarchy.

SSH into the MM.   Type "show local-userdb" and see if they are there.  If they are there, use "local-userdb-add" to add the ones that are not there.

we are using derivation-rules:

 

aaa derivation-rules user user_rule_mac_vendor_black_berry
set role condition macaddr equals "10:0b:a9:xx:xx:xx" set-value guest description "user1"
set role condition macaddr equals "4C:0F:6E:xx:xx:xx" set-value guest description "user2"
set role condition macaddr equals "B4:B6:76:xx:xx:xx" set-value guest description "user3"

I apologize.

 

Did you type "show aaa derivation-rules user <name of user rules>" on the MD to see if it appears?

 

 

yes.

there are also hits, but not on the newly added MAC´s.

 

 

 

 

Did you delete those users from the user table before trying again?

Slightly off-topic but is it possible to add the addresses via GUI? (Ver 8.4). Thanks

Yes, you can add the MAC - Adresses to the derivations rules via GUI and via CMD.

i tried both.

 

 

Thanks Markus. Still possible in the absence of derivation rules?
Essentially looking for the GUI equivalent of the* local-userdb add
username *command.

Thanks


--

[image: LBUSD]

Ryan Hertzing
Systems Administrator
Laguna Beach Unified School District
550 Blumont Street | Laguna Beach, CA 92651
rhertzing@lbusd.org | 949-497-7700 Ext. 5223
Website | Twitter |
Facebook

--
Laguna Beach Unified School District
Website| Twitter | Facebook




This email communication and any
attachments, including documents, files, or previous email messages,
constitute electronic communications within the scope of the Electronic
Communications Privacy Act, 18 USCA 2510 et al. This email communication
may contain non-public, confidential or legally privileged information
intended for the sole use of the designated recipient(s). The unauthorized
and intentional interception, use, copy or disclosure of such information,
or attempt to do so, is strictly prohibited and may be unlawful under
applicable laws. If you have received this email communication in error,
please immediately notify the sender by return email and delete the 
original email from your system.