ArubaOS and Controllers

Reply
Occasional Contributor II
Posts: 17
Registered: ‎06-06-2010

OS 5.2 mac authentication issue

Hi,
Recently i have upgraded from 3.4.3 to 5.2 OS eversince the mac authentication is not working . The users are not getting blacklisted . this was working fine with the previous Os

Any suggestions ??
Occasional Contributor II
Posts: 17
Registered: ‎06-06-2010

Mac Authentication issue in os 5.2

Hi,

The OS i was referring to is of the controller ,In my case its purely windows platform . Mac authentication was working fine with the previous Os ,ever since i have upgraded to 5.2 it does not work. the debug for a client shows :

Sep 26 16:54:08 authmgr MAC=00:1e:65:a2:16:84 Station UP: BSSID=00:24:6c:d5:0a:33 ESSID=fjwc VLAN=58 AP-name=FF-ITSN
Sep 26 16:54:08 authmgr MAC=00:1e:65:a2:16:84 ingress 0x1091 (tunnel 17), u_encr 1, m_encr 1, slotport 0x1040 , type: local, FW mode: 0, AP IP: 0.0.0.0
Sep 26 16:54:08 authmgr MAC=00:1e:65:a2:16:84 IP=10.23.64.21 Send mobility delete message, flags=0x20
Sep 26 16:54:08 authmgr MAC=00:1e:65:a2:16:84 IP=10.23.64.21 User entry deleted: reason=essid change
Sep 26 16:54:08 authmgr 00:1e:65:a2:16:84: station datapath entry deleted
Sep 26 16:54:08 authmgr MAC=00:1e:65:a2:16:84 IP=0.0.0.0: MAC auth start: entry-type=L2, bssid=00:24:6c:d5:0a:33, essid=fjwc sg=default
Sep 26 16:54:08 authmgr MAC=00:1e:65:a2:16:84 IP=0.0.0.0 Authentication result=Authentication failed method=MAC server=Internal
Sep 26 16:54:08 authmgr MAC=00:1e:65:a2:16:84 IP=0.0.0.0: MAC auth fail: entry-type=L2, bssid=00:24:6c:d5:0a:33
Sep 26 16:54:08 authmgr MAC=00:1e:65:a2:16:84 def_vlan 58 derive vlan: 0 auth_type 0 auth_subtype 0
Sep 26 16:54:08 authmgr MAC=00:1e:65:a2:16:84 IP=10.23.58.79 User miss: ingress=0x1091, VLAN=58
Sep 26 16:54:08 authmgr MAC=00:1e:65:a2:16:84 IP=10.23.58.79 User entry added: reason=Sibtye
Sep 26 16:54:08 authmgr Station inherit: IP=10.23.58.79 start bssid:00:00:00:00:00:00 essid: port:0x1091 (0x1091)
Sep 26 16:54:08 authmgr {L3} Update role from logon to logon for IP=10.23.58.79
Sep 26 16:54:08 authmgr Reset BWM contract: IP=10.23.58.79 role=logon, contract= (0), type=Per role
Sep 26 16:54:08 authmgr station inherit IP=10.23.58.79 bssid:00:24:6c:d5:0a:33 essid: fjwc auth:0 type: role:logon port:0x1091
Sep 26 16:54:08 authmgr {10.23.58.79} autTable (" Unauthenticated logon ")
Sep 26 16:54:08 authmgr download: ip=10.23.58.79 acl=1/0 role=logon, Ubwm=0, Dbwm=0 tunl=0x1091, PA=0, HA=1, RO=0, VPN=0



by default the client was supposed to be blacklisted it does not happen.
Guru Elite
Posts: 21,561
Registered: ‎03-29-2007

MAC authentication

I apologize. I did not read the post right.

With regards to blacklisting due to authentication, make sure that "Station Blacklisting" is enabled on the Virtual AP, your MAC authentication profile has a max authentication failures number of greater than Zero. Also make sure that you have the Wireless Intrusion protection license installed ("show keys" on the commandline"), because that is necessary for authentication failure blacklisting.

An alternate method of achieving what you want is to have the "Initial Role" of the SSID to be a blocked role (a role with deny all), so that the device will have to pass mac authentication to even pass traffic. The device that passes mac authentication will get another production role that will allow normal traffic.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 17
Registered: ‎06-06-2010

Re: OS 5.2 mac authentication issue

the issue is i was using this and was working fine in OS 3.4 any special settings to be done in 5.2 ?

I don't have liscence for Wirless intrusion protection. Station black listing is enabled on this ssid .
Please advice...
Guru Elite
Posts: 21,561
Registered: ‎03-29-2007

Blacklisting without WIP license

I am wrong. You should not need the WIP license to do authentication blacklisting.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 17
Registered: ‎06-06-2010

Re: OS 5.2 mac authentication issue

Deos any one have an idea about this why mac authencation is not working in OS version 5.2 ??
Guru Elite
Posts: 21,561
Registered: ‎03-29-2007

Bug

That would be a bug.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: