11-15-2014 04:46 PM
03-21-2017 12:22 AM
Does this mean you can do PSK auth, have a device get the AAA initial role, then have that role subsequently changed by a user derivation rule? It says in the docs that user derivation rules apply pre-authentication, I thought that meant it would only apply to open SSID users. Please confirm. thank you.
2 weeks ago
No, because no authentication has occurred.
With WPA2-PSK you must enter the preshared key when you connecto to the network and the controller checks that preshared key, it is correct you can access the network, otherwise you can't. For me this is a kind of authentication, do you mean an authentication based on user?
a week ago
I think Tim means that no authentication has occurred against Clearpass. I asked a similar question a while back here: https://community.arubanetworks.com/t5/Security/PSK-SSID-Endpoint-Repository-for-role-assignment/m-p/297425#M31804
Once MAC auth was configured, I was able to leverage additional authorization steps against Clearpass to determine which role the client should be getting.