Security

Reply
New Contributor
Posts: 1
Registered: ‎01-16-2013

802.1x and MAC authentication

Hi,

 

When I do WPA-2 Ent authentication to a NPS (radius) server, with "Perform MAC authentication before 802.1X" enabled, the username i entered doesn't get passed to the radius server. It passed the hardware MAC address to the radius server instead.

 

Testing with either just the MAC or 802.1x authentication only works fine. But not when both are selected.

 

Is this normal or it cannot be done with the instant AP?

 

Thanks,

jeremy

New Contributor
Posts: 2
Registered: ‎12-05-2013

Re: 802.1x and MAC authentication

is anyone have any solution for this ? 

 

THanks,

Pritesh

Guru Elite
Posts: 19,990
Registered: ‎03-29-2007

Re: 802.1x and MAC authentication

Where is the option "Perform Mac Authentication first" configured?  On the NPS server?  

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
New Contributor
Posts: 2
Registered: ‎12-05-2013

Re: 802.1x and MAC authentication

this option is on the Aruba IAP 105  not on NPS server.  

if we create user for mac address ( username+password = system mac id )  as well then only it able to connect.

 

is there any way that mac address authentication will use internal database of Aruba IAP and pass username/password to radius ?

 

 

MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: 802.1x and MAC authentication


pritesh.patil@claricetechnologies.com wrote:

is there any way that mac address authentication will use internal database of Aruba IAP and pass username/password to radius ?


nope it seems you can't, the both are send to the same server. one of the limits of the IAP at this moment.

Ei
Occasional Contributor I
Posts: 9
Registered: ‎05-01-2016

Re: 802.1x and MAC authentication

Can we use mac+ 802.1 authentication on Controller 7010? If yes, where's the option to put mac address? Would it be on radius server or internal database?

 

Thanks

Guru Elite
Posts: 7,852
Registered: ‎09-08-2010

Re: 802.1x and MAC authentication

For wireless or wired users?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Ei
Occasional Contributor I
Posts: 9
Registered: ‎05-01-2016

Re: 802.1x and MAC authentication

For wireless. We would like to deploy radius+ mac authentication.

 

Thanks

Ei
Occasional Contributor I
Posts: 9
Registered: ‎05-01-2016

Re: 802.1x and MAC authentication

For wireless users. Would like to deploy radius + mac authentication on WLC 7010. But couldn't find sample configuration. Thanks

 

Occasional Contributor I
Posts: 9
Registered: ‎08-06-2015

Re: 802.1x and MAC authentication

[ Edited ]

 

Hi at all,

I can´t say anything about the 7010 we have a 3200 controller.

We have different SSID´s with different authentication methods for different types of endpoints.

Similar for mobile devices (iPhone / iPad) we have Mac Auth + 802.1 X. So we have to enter the mac address into the internal database of the aruba controller (3200). If this happen the, now the user must authenticate his device with a active directory account over the nps.

You must do both on controller, can´t do one on the IAP and the other in the controller.

So you must configure under “ Security > Authentication > Servers > RADIUS Server” your radius server and under “Security > Authentication > Servers > Internal DB” you must insert the mac address.

Search Airheads
Showing results for 
Search instead for 
Did you mean: