Controllerless Networks

Hi. I just want to assing clients to a specific VLAN if MAC auth fails. I have configured an open network with MAC auth to an external radius server, no captive portal configuration.

Assign users with MAC on my radius server to specfic VLAN is working fine, but I don't achieve assign VLAN to unauthenticated clientes.

Thank you in advance

Unauthenticated clients should end up in the default VLAN.  Authenticated users should end up in the VLAN that you return from radius.

Hi. Unauthenticated clients are not getting IP because they don't pass level2 validation. What I have done is configure my radius server to give an "accept" to clientes who fails mac validation in order to let them pass to the default VLAN.

Regards

What is your configuration?

Open Network with MAC authentication enabled. No captive portal.

Regards.

If you are using mac authentication, users should get the role in the initial role parameter of the AAA profile.  If they fail mac auth, they should stay in that initial role.  What is your question?  What are you trying to do exactly?

First of all It seems that I forget to mention that I'm using Instant Access Point :P... With Aruba Access Point and using an open Wireless Network with mac authentication I can't assing pre-authenticated role.

Regards,

Allright.  I apologize.

You should manage the failed authentication from your radius server.  Which radius server are you using?

I'm using freeradius. I configured it to respond with an ok if doesn't find MAC in the database. It the MAC is in database I assing a VLAN based on Aruba-Role stored in freeradius database. It appear to be working fine.

Regards,

If it is working, please mark this topic solved.  If not, your radius server should reply with the Aruba-User-VLAN attribute to set the correct VLAN.