Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Client was able to associate although failed authentication

  • 1.  Client was able to associate although failed authentication

    Posted May 03, 2017 03:37 AM

    Hi all,

    I'm setting up a basic SSID with MAC address authentication on the mobility controller, using the endpoint list on CPPM as the database for authentication. My test so far has had an unexpected result, as the client was still able to associate and got an IP address from DHCP, although it failed authentication. Below is my current config/status on the mobility controller and CPPM:

    Mobility Controller configuration (I use the default config on the guest and logon roles):

    1.PNG

     

    2.PNG

     

    CPPM log:

    CPPM failed authen log

     

    Mobility Controller - client still associated:

    4.PNG

     

    Please let me know if there's anything wrong with my setup. I really appreciate your help.

     

    Thank you,



  • 2.  RE: Client was able to associate although failed authentication

    EMPLOYEE
    Posted May 03, 2017 04:36 AM

    If a client fails MAC authentication and you have an initial role configured, failing MAC authentication means that they still get the initial role. In advanced configurations, they theoretically can still get an IP address and then "register" to the captive portal to then get access. A user who is already registered can skip the captive portal in that instance because they would pass MAC authentication. If you want the client to just be rejected, do not configure an initial role.



  • 3.  RE: Client was able to associate although failed authentication

    Posted May 03, 2017 04:45 AM

    Hi Colin,

    Can you tell me how to not attach the initial role to the SSID? It looks like the GUI doesn't have such an option.

     

    5.PNG



  • 4.  RE: Client was able to associate although failed authentication

    Posted May 03, 2017 04:55 AM

    Hi Colin,

    Can you tell me how to not attach the initial role to the SSID? It looks like the GUI doesn't have such an option.

     

    5.PNG



  • 5.  RE: Client was able to associate although failed authentication

    Posted May 03, 2017 05:08 AM

    Hi Colin,

    Can you tell me how to not attach the initial role to the SSID? It looks to me like the GUI doesn't have such an option.

    5.PNG



  • 6.  RE: Client was able to associate although failed authentication

    Posted May 03, 2017 05:44 AM

    Hi Colin,

    Can you tell me how to not attach the initial role to the SSID? It looks like the GUI doesn't have such an option.

     

    5.PNG



  • 7.  RE: Client was able to associate although failed authentication

    Posted May 03, 2017 10:18 AM

    Hi Colin,

    Can you please tell me how to not attach the initial role to the SSID? It looks to me like the GUI doesn't have such an option.

     

    Capture.PNG