I will try my best here. We are using verison 8.3.0.3. Mr. Capalli, that is a separate question from this topic. I am charged with the resposibility to get this done this way. Alternative options for dual authentication can be addressed in a spearate question. Right now I just need to get this to work this way and then address an alternative topic at another time. Fyi, the only alternate idea I have heard was to use Actiuve Directory; butm that is a separate questions from here.
1. I creted a L2 Authentication, specifically for MAC Authenticaiton , from teh Group Managed Node level (Mobility Master Web User Interface).
a. See MAC_Based_Dual.png attached.
2. In the WLAN Settings, I enabled the MAC Authenticaiton box from the Security tab in the WLAN configuration.
a. See attached MAC_Based_Dual_II.png
b. 1st dropdown option below the 'Retype' box.
3. See the Access tab for WLAN has 'guest' for the MAC Authentication role. MAC_Based_Access_option.png
a. The guerst role is associated in thispicure.
b. I wonder if that is the correct setting.
c. If I show the local-userdb internal database all of the MAC Addresses are listed in th e'Guest' role.
(XXXXXXXX) [MDC] #show local-userdb
User Summary
------------
Name Password Role E-Mail Enabled Expiry Status Sponsor-Name Remote-IP Grantor-Name
---- -------- ---- ------ ------- ------ ------ ------------ --------- ------------
test ******** guest Yes Active 0.0.0.0 seamless-logon-w
XX-XX-XX-XX-XX-XX ******** guest Yes Active 0.0.0.0 seamless-logon-w
XX-XX-XX-XX-XX-XX ******** guest Yes Active 0.0.0.0 seamless-logon-w
XX-XX-XX-XX-XX-XX ******** guest Yes Active 0.0.0.0 seamless-logon-w
4. In the 'WLAN' profiles section. MAC Authentication Default Role is 'guest'. The AAA Profile is named 'XYZ'.
a. See attached pic: AAA_web_profile.png.
5. If I use the command line from the MM to the managed node.
(XXXXXXXX) [XX:XX:XX:XX:XX:XX] (config) #aaa profile XYX
(XXXXXXXX) ^[XX:XX:XX:XX:XX:XX] (AAA Profile "XYZ") #authentication-mac XYZ_MAC_List
(XXXXXXXX) ^[XX:XX:XX:XX:XX:XX] (AAA Profile "XYZ") #write memory
Is there any other specific information that you need? I really do nto knwo how to di this correctly so I am follwoing the instrucitons from bloggers thet best I can.
From the cli of the managed device.
(XXXXXXXX) [MDC] #show aaa main-profile summary
AAA Profile summary
-------------------
Name role mac-auth
-------- ----------- --------------
XYZ logon XYZ_MAC_List