Controllerless Networks

Occasional Contributor II

How to do two step authentication, MAC-based & 802.1x?

http://community.arubanetworks.com/t5/Wireless-Access/How-to-do-two-step-authentication-MAC-based-amp-802-1x/td-p/20582

 

I came across this. I would like to know what role the client will get if both authentications pass successfully?

Do I have to apply rules for MAC too, or will just the 802.1x rules work?

E.g. I have configured VLAN assignment based on the filter-id.

 

Guru Elite

Re: How to do two step authentication, MAC-based & 802.1x?

It would get the default mac authentication role in the AAA profile.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: How to do two step authentication, MAC-based & 802.1x?

Does that mean I have to configure a rule for each MAC?

Also, how can I restrict mobile devices from connecting to the 802.1x network? Can I pass an OS-specific filter-id?

Guru Elite

Re: How to do two step authentication, MAC-based & 802.1x?

The easy way would be to set up your Windows clients to only authenticate with their Machine Credentials. On your NPS Server, you would only allow authentication from the AD group "Domain Computers".



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II

Re: How to do two step authentication, MAC-based & 802.1x?

So I will be able to apply VLAN policies like we do for user accounts based on the group membership.

Occasional Contributor II

Re: How to do two step authentication, MAC-based & 802.1x?

One more question: when user and machine based authentication is enabled, will role assignment happen based on user rules or machine? I mean, how will the VLAN get assigned?

Guru Elite

Re: How to do two step authentication, MAC-based & 802.1x?


agirme wrote:

So I will be able to apply VLAN policies like we do for user accounts based on the group membership.


You will not.  Only the machine will authenticate, so there is no visibility of the user on the machine from the 802.1x perspective.



Colin Joseph
Aruba Customer Engineering


Guru Elite

Re: How to do two step authentication, MAC-based & 802.1x?


agirme wrote:

One more question: when user and machine based authentication is enabled, will role assignment happen based on user rules or machine? I mean, how will the VLAN get assigned?


Are you using NPS for authentication?



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II

Re: How to do two step authentication, MAC-based & 802.1x?

Yes, deployed NPS.

 

User and machine authentication was a bit confusing, and I ended up deploying a CA and certificate-based authentication, which is easier and working seamlessly.

Going to roll out in production.

Able to assign VLANs based on group membership.
