Occasional Contributor I

aruba iap mac address error (deny all role..)

Hi all, I have 7 IAPs (4 x IAP93 and 3 x IAP205).

The IAP93s use a specific zone, so I can deploy an SSID only to this group of IAPs.

Now I'm trying to deploy an SSID with WPA2 + MAC AUTH using the internal DB.

So beforehand I added a test user (MAC in the username field and password field) without delimiter in the user list (selecting employee, not guest).

Then I made an SSID on 2.4 GHz, but when I try to connect with my smartphone I can't connect (the smartphone tries to connect in a loop; one time I saw a client connected but with the DENY ALL role).

If I remove MAC AUTH, wifi is OK instantly.

What can I check?

I can't try making the SSID on the IAP205s instead of the IAP93s right now.

The current firmware is 6.4.2.6-4.1.1.7_50209; an IAP93 is the master virtual controller.

Ask me for details, really thanks!

Mattia

Guru Elite

Re: aruba iap mac address error (deny all role..)

The IAP-93 does not support MAC authentication in the 4.1.x.x versions of code (MAC authentication uses the internal RADIUS server):

http://community.arubanetworks.com/t5/Software-Downloads/Aruba-Instant-6-4-2-6-4-1-1-10-Released-9-28-15/ta-p/255141

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Occasional Contributor I

Re: aruba iap mac address error (deny all role..)

Thanks... so it doesn't work even if I update to the latest version?

(the system notifies me there's a new update available -> 6.4.2.6-4.1.11_52666)

=:-(

Do I have to replace the IAP93s with a newer model or use a RADIUS\LDAP server?

Mattia

Guru Elite

Re: aruba iap mac address error (deny all role..)

It will not work on IAP-93s, even if you update, unfortunately. You can use an external RADIUS or LDAP server to get around this, however.
Occasional Contributor I

Re: aruba iap mac address error (deny all role..)

OK... one last thing, please.

Do I have to create an object with the MAC address as username\password in the LDAP server, then connect the Aruba virtual controller to LDAP using an objectfilter?

Can you provide me a link to a specific document?

Thanks again

Mattia

Guru Elite

Re: aruba iap mac address error (deny all role..)

- Create an LDAP server using the instructions here: http://community.arubanetworks.com/t5/Controller-less-WLANs/How-to-configure-LDAP-authentication-on-the-Instant-for-the/ta-p/181130

- Change the authentication for MAC address to point to that LDAP server.
Occasional Contributor I

Re: aruba iap mac address error (deny all role..)

OK. I see LDAP is not the best solution; maybe I need to think about a RADIUS server.

Guru Elite

Re: aruba iap mac address error (deny all role..)

If you have a Windows Server, you already have a free RADIUS server that you can install... (IAS or NPS).
Occasional Contributor I

Re: aruba iap mac address error (deny all role..)

My "chain" is made up of 4 x IAP93 and 3 x IAP205.

The virtual master controller is now the third IAP93.

What if I force the master controller onto one IAP205?

Is there the same limitation on the MAC AUTH feature?

Thanks again

Now I'm going to accept your answer..

Mattia

Guru Elite

Re: aruba iap mac address error (deny all role..)

It will not work if your user is trying to associate to an AP93. Making the AP205 a preferred master does not change this, unfortunately...