AMIGOPOD PowerConnect W Clearpass 100 Software Manual page 13

NOTE
The role_id value in this expression will need to match the Role ID of the RADIUS Role created in
the previous step (role_id of 5 in this example). In cases where you want the role to be the same
as the original, you can use $user['role_id'] in lieu of the numeric value.
NOTE This conditional expression assumes that the MAC Authentication Profile configured in the Aruba
Controller has the Delimiter set to dash and the Case to upper.
Figure 4. Suggested MAC Authentication Profile in ArubaOS configuration.
NOTE The logic is setup to populate the visitor_name field of the MAC Authentication account with the
name of the user that authenticated during the authorization phase of this process. Depending on
whether you are using the local Amigopod Guest Manager database or an external Active Directory
database the $user attribute will have to be modified. For local Amigopod database accounts the
value should be $user['username'] and for Active Directory it should be $user['displayname'].
NOTE The sample code used is designed to create the MAC Authentication account and have it expire
automatically at 5pm of the same day the user first authenticates via the Captive Portal process.
The expiry time is set via the modify_expire_time attribute and should be customized to suit the
deployment requirements at each site. Other common values include '24h' for 24 hours from the
current time, 'this Friday 18:00' for the end of the current week at 6pm. On expiry of the
account, the RADIUS MAC authenticated session will be disconnected using RFC3576 and the
account will be deleted. This configuration is triggered through the attribute do_expire. For more
information on these Guest Manager attributes please refer to the Amigopod Deployment Guide.
Amigopod |Technical Note Auto Create MAC Account|13