12-17-2014 08:49 AM
My customer is looking to have both MAC authentication and 802.1x authentication to work on their internal SSID. Currently using windows server 2003 IAS for RADIUS authentication. Test users have been created with the MAC of the domain joined laptop we are testing with.
If the SSID is enabled for JUST 802.1x, it connects successfully
if the SSID is enabled for JUST MAC authentication, it connects successfully.
when I tick the check box for "Perform MAC authentication before 802.1x" I never see a request to the RADIUS server for the MAC authentication or the 802.1x and the connection fails.
If I tick the checkbox for "MAC authentication fail-thru" then the connection goes through and I can see the 802.1x connection to the RADIUS server and it connects.
Thoughts on where the disconnect could be with why the MAC authentication is not happening first?
12-17-2014 08:51 AM
MAC authentication is not designed to work with 802.1X.
You can use the MAC address as an authorization point after an 802.1X authentication, but this would require a policy engine like ClearPass.
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
12-17-2014 09:27 PM