Controllerless Networks

Reply
Occasional Contributor I

aruba iap mac address error (deny all role..)

Hi all, i have 7 IAP (4 x IAP93 and 3 x IAP205).

IAP93 use a specific zone, so i can deploy an SSID only to this group of IAP.

 

Now i'm trying to deploy an SSID with WPA2 + MAC AUTH using internal db.

So i prevently added a test user (MAC in username field and password field) without delimiter in user list (selecting employee, not guest)

Then made an SSID in 2,4 ghz , but when i try to connect by my smartphone i can't connect (smartphone try to connect in loop, one time i 've see a client connected but with DENY ALL role)

If i remove MAC AUTH, wifi is ok instantly

 

What i can check?

I can't try now making SSID on IAP205 instead of IAP93

This is current firmware 6.4.2.6-4.1.1.7_50209, IAP93 is master virtual controller

Ask me for details, really thanks!

mattia

 

 

Guru Elite

Re: aruba iap mac address error (deny all role..)

The IAP-93 does not support mac authentication in the 4.1.x.x versions of code: (MAC authentication uses the Internal Radius Server).

 

Screenshot 2016-06-03 at 09.07.22.png

 

http://community.arubanetworks.com/t5/Software-Downloads/Aruba-Instant-6-4-2-6-4-1-1-10-Released-9-28-15/ta-p/255141



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: aruba iap mac address error (deny all role..)

Thanks...so it doesn't work also if i update to latest version?

(system notify there's a new update available -> 6.4.2.6-4.1.11_52666)

=:-(

 

I have to change IAP93 with a newer model or using a RADIUS\LDAP server?

Mattia

Guru Elite

Re: aruba iap mac address error (deny all role..)

It will not work on IAP-93s, even if you update, unfortunately.  You can use an external radius  or LDAP server to get around this, however.  



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: aruba iap mac address error (deny all role..)

Ok..last thing please.

I have to create object  with mac adress username\password in LDAP server, 

then connect aruba virtual controller to LDAP using objectfilter?

can you provide me a link to specific document?

thanks again

Mattia

Guru Elite

Re: aruba iap mac address error (deny all role..)

- Create an LDAP server using the instructions here:  http://community.arubanetworks.com/t5/Controller-less-WLANs/How-to-configure-LDAP-authentication-on-the-Instant-for-the/ta-p/181130

- Change the Authentication for mac address to point to that LDAP server.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: aruba iap mac address error (deny all role..)

ok.i see ldap is not the best solution, maybe i need to think about a radius server

Guru Elite

Re: aruba iap mac address error (deny all role..)

If you have a Windows Server, you already have a free radius server that you can install...  (IAS or NPS).



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: aruba iap mac address error (deny all role..)

my "chain" is made by 4 x IAP93 and 3 x IAP205

virtual master controller now is the third IAP93

what if i force master controller onone IAP205?

there's the same limitation about MAC AUTH feature?

thanks again

now i'm going to accept your answer..

Mattia

Guru Elite

Re: aruba iap mac address error (deny all role..)

It will not work if your user is trying to associate to an AP93.  Making the AP205 a preferred master does not change this, unfortunately...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: