05-11-2016 08:02 AM
I have a case where I would like to authenticate some devices that can't speak RADIUS, with MAC-Auth instead. I have both profiles enabled in my AAA-profile and I can see in the logs that the device passes MAC-Auth, but then it continues on and fails the 802.1X Auth.
To my question:
Is it possible to make a solution where if MAC-Auth passes, the authentication process won't continue to 802.1X? In other words: If either MAC-Auth OR 802.1X-Auth passes, user gets authenticated.
Thanks in advance!
05-11-2016 08:15 AM
The common scenario is:
Open w/ MAC-Auth SSID (serves guests and MAC-auth devices)
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
05-12-2016 06:37 AM
To extend on that: what you ask can be done on wired. Just not on wireless.
The main reason for that is that WPA2-Enterprise, in addition to the 802.1X authentication, does the setup of the encryption keys in the same procedure. So if you have not done authentication, you cannot set up the encryption. Unfortunately there is no fallback for WPA2 (without encryption) if authentication fails, like with wired.
If you have urgent issues, please contact your Aruba partner or Aruba TAC.
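
The dependency described in the last reply, as an added example that is not part of the original thread: in WPA2-Enterprise the pairwise master key comes from the MSK exported by a successful EAP exchange, and the 4-way handshake derives the session keys from it. The sketch assumes the HMAC-SHA1 PRF used with CCMP; the MAC addresses, nonces and MSK are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
from typing import Optional


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def pmk_from_eap(msk: Optional[bytes]) -> Optional[bytes]:
    """PMK is the first 32 bytes of the MSK exported by a successful EAP method."""
    if msk is None:  # MAC-auth only, or 802.1X failed: nothing was exported
        return None
    if len(msk) < 64:
        raise ValueError("EAP MSK must be at least 64 bytes")
    return msk[:32]


def derive_ptk(pmk, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """Derive the 48-byte CCMP PTK and split it into KCK, KEK and TK."""
    if pmk is None:
        raise ValueError("no PMK: the 4-way handshake cannot produce keys")
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


# Constructed sample values (not captured from any real network).
AA = bytes.fromhex("020000000001")      # authenticator (AP) MAC
SPA = bytes.fromhex("020000000002")     # supplicant (client) MAC
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
MSK = hashlib.sha512(b"constructed EAP session").digest()  # 64 bytes

if __name__ == "__main__":
    keys = derive_ptk(pmk_from_eap(MSK), AA, SPA, ANONCE, SNONCE)
    print("TK after 802.1X success:", keys["TK"].hex())
    try:
        derive_ptk(pmk_from_eap(None), AA, SPA, ANONCE, SNONCE)
    except ValueError as exc:
        print("MAC-auth only:", exc)
```

A device that only passes MAC-Auth never produces an MSK, so there is no input from which either side could derive the temporal key.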