Aruba Instant & Cloud Wi-Fi

Reply
Occasional Contributor II
Posts: 14
Registered: ‎10-12-2010

IAP-205 Issues getting MAC and 802.1x to work at the same time

My customer is looking to have both MAC authentication and 802.1x authentication to work on their internal SSID. Currently using windows server 2003 IAS for RADIUS authentication. Test users have been created with the MAC of the domain joined laptop we are testing with.

 

If the SSID is enabled for JUST 802.1x, it connects successfully

 

if the SSID is enabled for JUST MAC authentication, it connects successfully.

 

when I tick the check box for "Perform MAC authentication before 802.1x"  I never see a request to the RADIUS server for the MAC authentication or the 802.1x and the connection fails.

 

If I tick the checkbox for "MAC authentication fail-thru" then the connection goes through and I can see the 802.1x connection to the RADIUS server and it connects.

 

Thoughts on where the disconnect could be with why the MAC authentication is not happening first?

Guru Elite
Posts: 8,460
Registered: ‎09-08-2010

Re: IAP-205 Issues getting MAC and 802.1x to work at the same time

MAC authentication is not designed to work with 802.1X.

 

You can use the MAC address as an authorization point after an 802.1X authentication, but this would require a policy engine like ClearPass.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 14
Registered: ‎10-12-2010

Re: IAP-205 Issues getting MAC and 802.1x to work at the same time

Ok, needs clearpass for both to work. Thanks for your quick response.

Aruba Employee
Posts: 201
Registered: ‎07-14-2013

Re: IAP-205 Issues getting MAC and 802.1x to work at the same time

Actually this should work even with a third-party RADIUS server.. Can you share the output of 'show tech-support’ from your test bed? Can you consider opening a TAC ticket to debug?

Thanks,

Yan Liu
Search Airheads
Showing results for 
Search instead for 
Did you mean: