05-02-2014 07:43 AM
I've set up MAC authentication on an SSID intended for user-owned devices. I have not configured any security since my intention is to allow only authorized MACs to connect and use the SSID in question.
My understanding is that one needs to enable MAC authentication, choose InternalServer, and then add the MAC address as username and password in the internal server database for each device I wish to allow.
I'm finding that clients can connect even though I have not added their MAC addresses to the database.
This is IAP firmware 22.214.171.124-126.96.36.199_42384.
There are 4 access rules in this order:
Allow DNS to All
Allow http to All
Allow https to All
Deny Any to All
05-02-2014 08:20 AM
Did you put MAC addresses with no delimiter in the internal database?
Aruba Customer Engineering
05-02-2014 08:37 AM - edited 05-02-2014 08:38 AM
What is the initial role in the AAA profile? Configure a policy called "DENYALL-POL" (any any any drop) and create a role called "DENYALL-ROLE". Assign DENYALL-POL to DENYALL-ROLE. Set this role as the initial role.
Configure the Default MAC Authentication role as whatever role you like. A device should get the Default MAC auth role if everything else is configured right.
05-05-2014 07:10 AM
Below is the configuration which I have done:
!! Create MAC Authentication Profile
!! Create Server Group and add server in it
!! Create AAA profile and add Server Group & MAC Authentication profile in it
!! create ssid profile
!! create vap and Assign AAA & ssid profile to VAP
!! create AP group and add VAP into it
aaa authentication mac "MAC-Athentication-Profile"
aaa server-group "MAC-Authentication-ServerGroup"
  auth-server "Internal" position 1
aaa profile "MAC-Authentication-AAA-Profile"
wlan ssid-profile "MAC-Authentication-SSID-Profile"
wlan virtual-ap "MAC-Authentication-VAP-Profile"
ap system-profile "MAC-Authentication-APSystemProfile"
Syed Murad Ali
ACMP ACMA CCNA