05-03-2017 12:37 AM - edited 05-03-2017 12:44 AM
I'm setting up a basic SSID with MAC address authentication on the mobility controller, using the endpoint list on CPPM as database for authentication. My test so far has had unexpected result, as the client was still able to associate and got IP address from DHCP, although it failed authentication. Below is my current config/status on mobility controller and CPPM:
Mobility Controller configuration (I use default config on guest and logon role):
Mobility Controller - client still associated:
Please let me know if there's anything wrong with my setup. I really appreciate your help.
05-03-2017 01:35 AM
If a client fails mac authentication and you have an initial role configured, failing mac authentication means that they still get the initial role. In advance configurations, they theoretically can still get an ip address and then "register" to the captive portal to then get access. A user who is already registered can skip the captive portal in that instance because they would pass mac authentication. If you want the client to just be rejected, do not configure an initial role.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base