Controllerless Networks

Reply
Occasional Contributor II

MAC-Authentication Automaic Push

We have a campus setup with Airwave and IAP's.  We our main headquarters and 5 remote sites with local virtual controllers.  We have an issue with users and there Ipad's and Iphone's, when there 90 day password expires and they are authenticated to our Wifi it locks out there Novell account.  We would like to combat this by setting up a pre-shared key with MAC authentication.  But so far it looks like we would have to manually enter all 150 different MAC addresses on each virtual controller.  Is there a way in Airwave to have one MAC database and it to automatically be pushed to all of the virtual controllers.  Also it would need to be pushed whenever the database is updated as new devices are added.  If this is not possible with IAP's can this be done with a Master Controller and Local controllers at each facility?

 

 

Moderator

Re: MAC-Authentication Automaic Push

Take a look at AirWave 7.7.5.when released in the next couple of days.  AirWave has a new UI that mimics the Instant WebUI.  You can configure the IAP Internal DB here.   This is done on a per-group basis and is documented in the IAP Deployment guide (DeployingInstantInAirwave.pdf).

 

Awave775.jpg

Occasional Contributor II

Re: MAC-Authentication Automaic Push

So it would be possible to create a "Master Group" that would hold our internal MAC DB and then we could have that "master group" pushed to the rest of our groups?

Re: MAC-Authentication Automaic Push

This is correct.  You should be able to use Airwave 7.7.5 for this per the comment above.  However, a better solution would be MAC auth using a radius server and centralize it that way if you have one.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Occasional Contributor II

Re: MAC-Authentication Automaic Push

Seth-

 

That would create a giant maintenance issue with having to dig into a config file on the radius server that would have to be constantly altered.  Plus MAC addresses aren't the nicest thing to enter in, we are just concerned that it will get a bad entry or something will eventually break.

Re: MAC-Authentication Automaic Push

Not if you had ClearPass....very easy to setup MAC address lists :)

 

However, with Airwave alone, you should be all set.  

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Occasional Contributor II

Re: MAC-Authentication Automaic Push

Ah yes Clearpass another 30k investment? Ha. The rest of the department here is just on the fence about Airwave and Instant, and are contemplating going back to all Controllers, which also would be quite expensive.

Re: MAC-Authentication Automaic Push

What are the issues with instant. Perhaps we can alleviate the concerns?

Sent from my iPhone
Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Occasional Contributor II

Re: MAC-Authentication Automaic Push

Basically the big issue is with the MAC address push.  We were led down a bad path of setting up Airwave, and it really needs to be redone from scratch.  It would be nice if it were possible to install a seperate instance of Airwave and redo everything and test with 2 of our smaller sites. 

Re: MAC-Authentication Automaic Push

You can certianly install a 90 day eval of Airwave for this purpose.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: