Security

Reply
New Contributor
Posts: 2
Registered: ‎03-18-2014

Aruba IAP 105, WPA2 + MAC authentication

Hi,

 

Here is the situation:

A single IAP 105 (OS 6.2) + Radius (Windows 2008 Server)

 

For the Employee WLAN, I would like to put WPA2 + MAC authentication. The WPA2 authentication is OK, i've checked "Mac authentication before 802.1X" but i don't find where to add the MAC adress list. Is it on the Radius Server? i've tried this way but it's unsuccessfull: https://kb.meraki.com/knowledge_base/creating-an-nps-policy-for-mac-based-authentication

 

How to activate the Mac authentication?

 

Thanks in advance.

 

 

 

Guru Elite
Posts: 20,768
Registered: ‎03-29-2007

Re: Aruba IAP 105, WPA2 + MAC authentication

http://www.arubanetworks.com/techdocs/Instant_40_WebHelp/InstantWebHelp.htm#UG_files/Authentication/MAC + 802.1X Authentication.htm



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 2
Registered: ‎03-18-2014

Re: Aruba IAP 105, WPA2 + MAC authentication

Thanks but i've already done that...Even the "failthrough" doesn't work, in le logs of the NPS server:

Reason Code:                                        16

Reason:                                                  Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

 

The user in NPS logs is the MAC adress, so i created an AD user with name & password = MAC adress of the computer

and i 've the same issue with a different error code:

Reason Code: 65

Reason: The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.

 

So on the NPS server i've added a policy with condition "calling ID"  like descibed in this article but the issue is the same:

http://blogs.technet.com/b/nap/archive/2006/09/08/454705.aspx

 

I really don't know where to search...

Guru Elite
Posts: 20,768
Registered: ‎03-29-2007

Re: Aruba IAP 105, WPA2 + MAC authentication

If you are getting Reason code 65, you need to enable "Ignore user account dialin properties" in your remote access policy.ignore.PNG



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: