Aruba Instant & Cloud Wi-Fi

Occasional Contributor I
Posts: 6
Registered: ‎03-19-2014

Instant AP, 802.1X and MAC Auth, where to enter the MAC addresses

If using the Instants with 802.1X (external) and MAC authentication, where do the MAC addresses need to be entered? Can the MAC addresses be entered in the Internal Database, and then use the external RADIUS server for 802.1X, or do they both need to use the external RADIUS server? If the MAC addresses have to be authenticated by the RADIUS server, is there any documentation on how to configure the RADIUS server? Thanks!

Guru Elite
Posts: 8,328
Registered: ‎09-08-2010

Re: Instant AP, 802.1X and MAC Auth, where to enter the MAC addresses

They should both be in the same place. With 802.1X, you're using a MAC address as authorization data.

 

What RADIUS server are you using?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 6
Registered: ‎03-19-2014

Re: Instant AP, 802.1X and MAC Auth, where to enter the MAC addresses



I'm using Windows Server 2008 NPS. If I just use RADIUS authentication I can connect to the SSID. If I check the box "Perform MAC authentication before 802.1X" I can't get connected. I was thinking I could put the MAC address of the client in the Internal Database as both the username and the password, but that doesn't seem to work. I noticed in the user guide that it states "MAC authentication shares all the authentication server configurations with 802.1X authentication," which seems to indicate that my Windows NPS server should authenticate the MAC address. Is that correct?

Guru Elite
Posts: 8,328
Registered: ‎09-08-2010

Re: Instant AP, 802.1X and MAC Auth, where to enter the MAC addresses


Yes, they must be the same server.

 

The only way to support MAC authentication in NPS is to create AD users with the MAC address as the username and password (which is not feasible in most environments).

http://technet.microsoft.com/en-us/library/dd197535%28WS.10%29.aspx


What are you trying to accomplish using MAC-auth and dot1X?

 

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Aruba Employee
Posts: 201
Registered: ‎07-14-2013

Re: Instant AP, 802.1X and MAC Auth, where to enter the MAC addresses

That is correct. To use MAC + 1x authentication with Microsoft NPS, both the MAC and the 1X accounts should be programmed on the NPS server instead of the IAP's internal server.

Thanks,

Yan Liu
Product Manager
Aruba Instant
US: +1 650 996-3520
China: +86 136 2121 6844