Security

Reply
Occasional Contributor II
Posts: 17
Registered: ‎10-01-2015

MAC-Authentication and 802.1x Auth / either or?

Hi,

 

I have a case where I would like to authenticate some devices that can't speak RADIUS, with MAC-Auth instead. I have both profiles enabled in my AAA-profile and i can see in the logs that the device passes MAC-Auth, but then continuing on failing the 802.1X Auth.

 

To my question:

 

Is it possible to make a solution where if MAC-Auth passes, the authentication process won't continue to 802.1x? In other word: If either MAC-Auth OR 802.1x-Auth passes, user gets authenticated.

 

Thanks in advice!

 

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: MAC-Authentication and 802.1x Auth / either or?

You cannot do non-802.1X and 802.1X on the same SSID.



The common scenario is:



802.1X SSID

Open w/ MAC-Auth SSID (serves guests and MAC-auth devices)

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 447
Registered: ‎11-04-2011

Re: MAC-Authentication and 802.1x Auth / either or?

To extend on that; what you ask can be done on wired. Just not on wireless.

 

The main reason for that WPA2-Enterprise does in addition to the 802.1X authentication the setup of the encryption keys in the same procedure. So if you have not done authentication, you cannot setup the encryption. Unfortunately there is no fallback for WPA2 (without encryption) if authentication fails, like with wired. 

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC.
Search Airheads
Showing results for 
Search instead for 
Did you mean: