Security

Reply
Occasional Contributor I
Posts: 5
Registered: ‎04-01-2012

Security in mixed authentication modes environment

Hello,

 

In ArubaOS6.1 UserGuide, I found that when using mac-authentication AND 802.1x-authentication, the association mode is dynamic-wep.

(p. 323, table 58)

 

If I choice mixed authentication mode, can't select wpa2-aes or other encryption mode other than dynamic-wep?

 

Thanks.

Guru Elite
Posts: 21,264
Registered: ‎03-29-2007

Re: Security in mixed authentication modes environment


pusuke wrote:

Hello,

 

In ArubaOS6.1 UserGuide, I found that when using mac-authentication AND 802.1x-authentication, the association mode is dynamic-wep.

(p. 323, table 58)

 

If I choice mixed authentication mode, can't select wpa2-aes or other encryption mode other than dynamic-wep?

 

Thanks.


That chart can be misleading (even to me).  By default, if you enable mac authentication and any other 802.1x encryption, if you fail mac authentication, the 802.1x will NOT be permitted to proceed.  Enabling l2 fail through allows you to continue if mac authentication fails.

 

If you choose mixed authentication, the same rules should apply.

 

What scenario do you envision?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 5
Registered: ‎04-01-2012

Re: Security in mixed authentication modes environment

Thanks for your reply,

 

My envisioning scenario is users must pass both mac authentication and 802.1x, and use wpa2-aes.

And my interesting is that , whether I can use wpa2-aes or not in mixd authentication environment with ArubaOS6.1.x.

(because only dynamic-wep is in UsersGuide)

 

 

Guru Elite
Posts: 21,264
Registered: ‎03-29-2007

Re: Security in mixed authentication modes environment


pusuke wrote:

Thanks for your reply,

 

My envisioning scenario is users must pass both mac authentication and 802.1x, and use wpa2-aes.

And my interesting is that , whether I can use wpa2-aes or not in mixd authentication environment with ArubaOS6.1.x.

(because only dynamic-wep is in UsersGuide)

 

 



You can use mac auth and 802.1x and by default it will work the way you want it:  a user must pass mac authentication, otherwise 802.1x will not occur.  If you enable layer2 fail-through, a user does NOT have to pass mac auth, for 802.1x auth to occur.

 

I am not sure if you can use WPA2-AES in a mixed environment like you mention.

 

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 5
Registered: ‎04-01-2012

Re: Security in mixed authentication modes environment

Thanks for that, and so, mac authentication OR 802.1x is with ArubaOS6.1 only?(Other versions are "AND" authentication?)

As to association mode, I verified WPA-2-AES can be used.

 

Thanks.

Search Airheads
Showing results for 
Search instead for 
Did you mean: