Aruba Instant & Cloud Wi-Fi

Reply
Contributor II
Posts: 51
Registered: ‎03-21-2013

Assing vlan on mac auth failure

Hi. I just want to assing clients to a specific VLAN if MAC auth fails. I have configured an open network with MAC auth to an external radius server, no captive portal configuration.

 

Assign users with MAC on my radius server to specfic VLAN is working fine, but I don't achieve assign VLAN to unauthenticated clientes.

 

Thank you in advance

Guru Elite
Posts: 20,795
Registered: ‎03-29-2007

Re: Assing vlan on mac auth failure

Unauthenticated clients should end up in the default VLAN.  Authenticated users should end up in the VLAN that you return from radius.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 51
Registered: ‎03-21-2013

Re: Assing vlan on mac auth failure

Hi. Unauthenticated clients are not getting IP because they don't pass level2 validation. What I have done is configure my radius server to give an "accept" to clientes who fails mac validation in order to let them pass to the default VLAN.

 

Regards

Guru Elite
Posts: 20,795
Registered: ‎03-29-2007

Re: Assing vlan on mac auth failure

What is your configuration?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 51
Registered: ‎03-21-2013

Re: Assing vlan on mac auth failure

Open Network with MAC authentication enabled. No captive portal.

 

Regards.

Guru Elite
Posts: 20,795
Registered: ‎03-29-2007

Re: Assing vlan on mac auth failure

[ Edited ]

If you are using mac authentication, users should get the role in the initial role parameter of the AAA profile.  If they fail mac auth, they should stay in that initial role.  What is your question?  What are you trying to do exactly?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 51
Registered: ‎03-21-2013

Re: Assing vlan on mac auth failure

First of all It seems that I forget to mention that I'm using Instant Access Point :P... With Aruba Access Point and using an open Wireless Network with mac authentication I can't assing pre-authenticated role.

 

Regards,

Guru Elite
Posts: 20,795
Registered: ‎03-29-2007

Re: Assing vlan on mac auth failure

Allright.  I apologize.

 

You should manage the failed authentication from your radius server.  Which radius server are you using?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 51
Registered: ‎03-21-2013

Re: Assing vlan on mac auth failure

I'm using freeradius. I configured it to respond with an ok if doesn't find MAC in the database. It the MAC is in database I assing a VLAN based on Aruba-Role stored in freeradius database. It appear to be working fine.

 

Regards,

Guru Elite
Posts: 20,795
Registered: ‎03-29-2007

Re: Assing vlan on mac auth failure

If it is working, please mark this topic solved.  If not, your radius server should reply with the Aruba-User-VLAN attribute to set the correct VLAN.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: