Owners manual

ManualsBrandsARUBA NETWORKS ManualsComputers & LaptopsAruba Instant IAP-325 IEEE 802.11ac 1.69 Gbit/s Wireless Access Point - 2.40 GHz, 5 GHz - 8 x Antenna(s) - 8 x Internal Antenna(

191

192

193

194

195

196

197

198

199

200

4. Select the attribute from the Attribute drop-down list that the rule it matches against. The list of supported

attributes includes RADIUS attributes, dhcp-option, dot1x-authentication-type, mac-address, and mac-address-

and-dhcp-options. For information on a list of RADIUS attributes, see RADIUS Server Authentication with VSA

on page 151.

5. Select the operator from the Operator drop-down list. The following types of operators are supported:

l contains— The rule is applied only if the attribute value contains the string specified in

Operand

l Is the role— The rule is applied if the attribute value is the role.

l equals— The rule is applied only if the attribute value is equal to the string specified in

Operand

l not-equals— The rule is applied only if the attribute value is not equal to the string specified in

Operand

l starts-with— The rule is applied only if the attribute value starts with the string specified in

Operand

l ends-with— The rule is applied only if the attribute value ends with string specified in

Operand

l matches-regular-expression— The rule is applied only if the attribute value matches the regular expression

pattern specified in

Operand

. This operator is available only if the mac-address-and-dhcp-options attribute

is selected in the Attribute drop-down. The mac-address-and-dhcp-options attribute and matches-

regular-expression are applicable only for the WLAN clients.

6. Enter the string to match in the String text box.

7. Select the appropriate role from the Role drop-down list.

8. Click OK.

When Enforce Machine Authentication is enabled, both the device and the user must be authenticated for the role

assignment rule to apply.

In the CLI

To configure role assignment rules for a WLAN SSID:

(Instant AP)(config)# wlan ssid-profile <name>

(Instant AP)(SSID Profile <name>)# set-role <attribute>{{equals|not-equals|starts-with|ends-

with|contains|matches-regular-expression} <operator><role>|value-of}

(Instant AP)(SSID Profile <name># end

(Instant AP)# commit apply

To configure role assignment rules for a wired profile:

(Instant AP)(config)# wired-port-profile <name>

(Instant AP)(wired ap profile <name>)# set-role <attribute>{{equals| not-equal| starts-with|

ends-with|contains}<operator> <role>| value-of}

(Instant AP)(wired ap profile <name>)# end

(Instant AP)# commit apply

Example

(Instant AP)(config)# wlan ssid-profile Profile1

(Instant AP)(SSID Profile "Profile1")# set-role mac-address-and-dhcp-options matches-regular-

expression \bring\b Profile1

(Instant AP)(SSID Profile"Profile1")# end

(Instant AP)# commit apply

Understanding VLAN Assignment

You can assign VLANs to a client based on the following configuration conditions:

l The default VLAN configured for the WLAN can be assigned to a client.

l If VLANs are configured for a WLAN SSID or an Ethernet port profile, the VLAN for the client can be derived

before the authentication, from the rules configured for these profiles.

l If a rule derives a specific VLAN, it is prioritized over the user roles that may have a VLAN configured.

Aruba Instant 6.4.0.2-4.1 | User Guide Roles and Policies | 195