Aruba Instant & Cloud Wi-Fi

Reply
Occasional Contributor I
Posts: 6
Registered: ‎01-07-2015

MAC and 802.1X Authentication for a Wireless Network

[ Edited ]

Hello, I'm looking to secure my guest wireless access with a NAC system. I don't want to run a open network with a simple wireless portal because everyone will be able to ears drop on the traffic so this problem brought me to MAC and 802.1X Authentication but there are some details regarding the encryption i can't seem to find.

 

Basically my WIFI will first try MAC and then username.My NAC will accept any MAC and return a registration vlan. The guest registers he's personal information and will be moved to a internet vlan. Now to my question. What will be used as encryption key for my wireless session? will this be the mac address of the wireless device which is easy to spoof or some random generated key ?

 

Thank you in advance.

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: MAC and 802.1X Authentication for a Wireless Network

Hi friend,

 

Always encryption of the traffic depends on the Opmode of the SSID profile, if it is open means there is no encryption else if it is otherthan open ( WEP, WPA-PSK, WPA etc) traffic will be encrypted accordingly.

 

therefore, your NAC is using the MAC address for authentication not for the encryption.

 

Hope got some clarity,

 

Please feel free for any further help on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Guru Elite
Posts: 8,201
Registered: ‎09-08-2010

Re: MAC and 802.1X Authentication for a Wireless Network

There would be no encryption. 

Since this is a guest network, you would need to use either a PSK or implement something like EAP-PEAP-Public (with ClearPass)

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor I
Posts: 6
Registered: ‎01-07-2015

Re: MAC and 802.1X Authentication for a Wireless Network

Hi, Thank you for your answer but i think i might have to rephrase my questions. What key will be used as encryption key when i use WPA2 802.1x Mac auth ?
Guru Elite
Posts: 8,201
Registered: ‎09-08-2010

Re: MAC and 802.1X Authentication for a Wireless Network

There is no such thing as 802.1X MAC auth. 

If you are doing 802.1X, you would be using either username/password or a certificate. Encryption keys are dynamically created based on the EAP authentication with your RADIUS server. The MAC address can be used for authorization as part of the policy decision. 

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: MAC and 802.1X Authentication for a Wireless Network

Hi,

 

As you mentioned that you are using WPA2, always key ( TK) will be derived by the dot11i 4way Handshake. 

 

Further encryption will be taken care by either TKIP or AES as per the selection.

 

Hence MAC address will be limite to authentication it will not be used for encryption if you enable WPA2

 

Hope got your answer .

 

Please feel free for any further query on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Occasional Contributor I
Posts: 6
Registered: ‎01-07-2015

Re: MAC and 802.1X Authentication for a Wireless Network

[ Edited ]

Hi Tim,

 

Thank you for your clarifying :)

 

 

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: