Aruba Instant & Cloud Wi-Fi

Occasional Contributor II
Posts: 10
Registered: ‎02-06-2012

Setting up MAC authentication.

I've set up MAC authentication on an SSID intended for user-owned devices.  I have not configured any security since my intention is to allow only authorized MACs to connect and use the SSID in question.

My understanding is that one needs to enable MAC authentication, choose InternalServer, and then add MAC address as username and password in the internal server database for each device I wish to allow.

I'm finding that clients can connect even though I have not added their MAC addresses to the database.

This is IAP firmware 6.3.1.2-4.0.0.4_42384.

There are 4 access rules in this order:

Allow DNS to All

Allow http to All

Allow https to All

Deny Any to All

Guru Elite
Posts: 20,795
Registered: ‎03-29-2007

Re: Setting up MAC authentication.

Did you put MAC addresses with no delimiter in the internal database?

 



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 10
Registered: ‎02-06-2012

Re: Setting up MAC authentication.

That is correct, no delimiter; uppercase support disabled; blacklisting disabled.

Contributor II
Posts: 48
Registered: ‎05-14-2012

Re: Setting up MAC authentication.


What is the initial role in the AAA profile? Configure a policy called "DENYALL-POL" (any any any drop) and create a role called "DENYALL-ROLE". Assign DENYALL-POL to DENYALL-ROLE. Set this role as the initial role.

 

Configure the Default MAC Authentication role as whatever role you like. A device should get the Default MAC auth role if everything else is configured right.

Super Contributor II
Posts: 354
Registered: ‎09-26-2012

Re: Setting up MAC authentication.

Below is the configuration which I have done:

 


!! Create MAC Authentication Profile
!! Create Server Group and add server in it
!! Create AAA profile and add Server Group & MAC Authentication profile in it
!! create ssid profile
!! create  vap and Assign AAA & ssid profile to VAP
!! create AP group and add VAP into it



aaa authentication mac "MAC-Athentication-Profile"
  delimiter colon
  max-authentication-failures 0

aaa server-group "MAC-Authentication-ServerGroup"
  auth-server "Internal" position 1

aaa profile "MAC-Authentication-AAA-Profile"
  mac-default-role authenticated
  initial-role logon
  mac-server-group "MAC-Authentication-ServerGroup"
  authentication-mac "MAC-Athentication-Profile"
  authentication-dot1x "default"

wlan ssid-profile "MAC-Authentication-SSID-Profile"
  essid MAC-Authentication
  wpa-passphrase murad123
  opmode wpa2-psk-aes

wlan virtual-ap "MAC-Authentication-VAP-Profile"
  vlan 1
  aaa-profile "MAC-Authentication-AAA-Profile"
  ssid-profile "MAC-Authentication-SSID-Profile"

ap system-profile "MAC-Authentication-APSystemProfile"

ap-group "AP-Group"
  virtual-ap "MAC-Authentication-VAP-Profile"

Thanks & Regards
Syed Murad Ali
ACMP ACMA CCNA
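
Added example, not part of any post in this thread and not Aruba code: a simplified Python model of the two things the replies ask about, namely whether the string derived from the client MAC (delimiter and case settings) matches the internal database entry, and which role a client ends up in when it does not. The function names and sample MACs are constructed for illustration, and the rule "no match means the client stays in the initial role" is an assumption taken from the advice above to make the initial role a deny-all role.

```python
import re

# Delimiter settings modelled here (assumed subset of what the MAC auth profile offers).
DELIMS = {"none": "", "colon": ":", "dash": "-"}

def format_mac(mac, delimiter="none", upper=False):
    """Render a client MAC as the username/password string under the given profile settings."""
    digits = re.sub(r"[:.\-]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    digits = digits.upper() if upper else digits.lower()
    return DELIMS[delimiter].join(digits[i:i + 2] for i in range(0, 12, 2))

def assigned_role(mac, internal_db, delimiter, upper, initial_role, mac_default_role):
    """Simplified model: a MAC found in the database gets the MAC-auth default role;
    anything else is left in the initial role, so that role decides what it can reach."""
    credential = format_mac(mac, delimiter, upper)
    return mac_default_role if credential in internal_db else initial_role

# Constructed sample data: one entry stored with no delimiter, lower case.
INTERNAL_DB = {"001a2b3c4d5e"}
KNOWN = "00:1A:2B:3C:4D:5E"
UNKNOWN = "02:00:00:AA:BB:CC"

def demo():
    """Return (scenario, resulting role) pairs for the cases discussed in the thread."""
    return [
        ("known MAC, profile matches DB format",
         assigned_role(KNOWN, INTERNAL_DB, "none", False, "DENYALL-ROLE", "authenticated")),
        ("known MAC, profile uses 'delimiter colon' but DB has no delimiter",
         assigned_role(KNOWN, INTERNAL_DB, "colon", False, "DENYALL-ROLE", "authenticated")),
        ("unknown MAC, permissive initial role",
         assigned_role(UNKNOWN, INTERNAL_DB, "none", False, "logon", "authenticated")),
        ("unknown MAC, deny-all initial role",
         assigned_role(UNKNOWN, INTERNAL_DB, "none", False, "DENYALL-ROLE", "authenticated")),
    ]

if __name__ == "__main__":
    for scenario, role in demo():
        print(f"{scenario}: {role}")
```

In this model an unlisted device is never "rejected"; it simply keeps the initial role, which is why that role's rules determine whether it appears to connect.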