Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

MAC-Authentication and 802.1x Auth / either or?

This thread has been viewed 2 times

  • 1.  MAC-Authentication and 802.1x Auth / either or?

    Posted May 11, 2016 11:03 AM

    Hi,

     

    I have a case where I would like to authenticate some devices that can't speak RADIUS, with MAC-Auth instead. I have both profiles enabled in my AAA-profile and i can see in the logs that the device passes MAC-Auth, but then continuing on failing the 802.1X Auth.

     

    To my question:

     

    Is it possible to make a solution where if MAC-Auth passes, the authentication process won't continue to 802.1x? In other word: If either MAC-Auth OR 802.1x-Auth passes, user gets authenticated.

     

    Thanks in advice!

     



  • 2.  RE: MAC-Authentication and 802.1x Auth / either or?

    EMPLOYEE
    Posted May 11, 2016 11:16 AM
    You cannot do non-802.1X and 802.1X on the same SSID.



    The common scenario is:



    802.1X SSID

    Open w/ MAC-Auth SSID (serves guests and MAC-auth devices)


  • 3.  RE: MAC-Authentication and 802.1x Auth / either or?
    Best Answer

    EMPLOYEE
    Posted May 12, 2016 09:38 AM

    To extend on that; what you ask can be done on wired. Just not on wireless.

     

    The main reason for that WPA2-Enterprise does in addition to the 802.1X authentication the setup of the encryption keys in the same procedure. So if you have not done authentication, you cannot setup the encryption. Unfortunately there is no fallback for WPA2 (without encryption) if authentication fails, like with wired.