Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Security in mixed authentication modes environment

This thread has been viewed 0 times

  • 1.  Security in mixed authentication modes environment

    Posted Apr 22, 2012 08:57 AM

    Hello,

     

    In ArubaOS6.1 UserGuide, I found that when using mac-authentication AND 802.1x-authentication, the association mode is dynamic-wep.

    (p. 323, table 58)

     

    If I choice mixed authentication mode, can't select wpa2-aes or other encryption mode other than dynamic-wep?

     

    Thanks.



  • 2.  RE: Security in mixed authentication modes environment

    EMPLOYEE
    Posted Apr 22, 2012 09:37 AM
    @pusuke wrote:

    Hello,

     

    In ArubaOS6.1 UserGuide, I found that when using mac-authentication AND 802.1x-authentication, the association mode is dynamic-wep.

    (p. 323, table 58)

     

    If I choice mixed authentication mode, can't select wpa2-aes or other encryption mode other than dynamic-wep?

     

    Thanks.

    That chart can be misleading (even to me).  By default, if you enable mac authentication and any other 802.1x encryption, if you fail mac authentication, the 802.1x will NOT be permitted to proceed.  Enabling l2 fail through allows you to continue if mac authentication fails.

     

    If you choose mixed authentication, the same rules should apply.

     

    What scenario do you envision?

     



  • 3.  RE: Security in mixed authentication modes environment

    Posted Apr 22, 2012 10:40 AM

    Thanks for your reply,

     

    My envisioning scenario is users must pass both mac authentication and 802.1x, and use wpa2-aes.

    And my interesting is that , whether I can use wpa2-aes or not in mixd authentication environment with ArubaOS6.1.x.

    (because only dynamic-wep is in UsersGuide)

     

     



  • 4.  RE: Security in mixed authentication modes environment

    EMPLOYEE
    Posted Apr 22, 2012 11:46 AM
    @pusuke wrote:

    Thanks for your reply,

     

    My envisioning scenario is users must pass both mac authentication and 802.1x, and use wpa2-aes.

    And my interesting is that , whether I can use wpa2-aes or not in mixd authentication environment with ArubaOS6.1.x.

    (because only dynamic-wep is in UsersGuide)

     

     


    You can use mac auth and 802.1x and by default it will work the way you want it:  a user must pass mac authentication, otherwise 802.1x will not occur.  If you enable layer2 fail-through, a user does NOT have to pass mac auth, for 802.1x auth to occur.

     

    I am not sure if you can use WPA2-AES in a mixed environment like you mention.

     

     

     



  • 5.  RE: Security in mixed authentication modes environment

    Posted Apr 23, 2012 08:47 AM

    Thanks for that, and so, mac authentication OR 802.1x is with ArubaOS6.1 only?(Other versions are "AND" authentication?)

    As to association mode, I verified WPA-2-AES can be used.

     

    Thanks.