Wireless Access

Reply
Occasional Contributor II
Posts: 124
Registered: ‎10-26-2016

Configuring an open SSID with mac authetication

I am intending to allow few legacy devices on open ssid, however would want to have mac authenticaiton enabled to prevent unwanted users connected on to this SSID.

For this:

  • I have created a VAP profile with SSID for open authentication.
  • Created a MAC authentication profile (Security --> Authentication -->  L2 Authentication --> MAC Authentication)
  • Added the MAC address of the end host which needs to get connected on the open SSID (Security --> Authentication --> Servers --> Internal database --> add user --> Have added mac address of end host in username and Password  and added it.

From here I am lost. What should I be doing to have this end host mac address be mapped against the VAP profile?

 

As always appreciate valuable responses here.

 

Thanks

Guru Elite
Posts: 20,785
Registered: ‎03-29-2007

Re: Configuring an open SSID with mac authetication

Please see step C here:  http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-configure-MAC-based-authentication-on-Aruba/ta-p/182430

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 124
Registered: ‎10-26-2016

Re: Configuring an open SSID with mac authetication

Thanks Joseph

C. Map this MAC authentication profile into the respective aaa profile.

Example:

aaa profile <profile name>
authentication-mac <profile name>

 

After mapping the mac-authentication profile to aaa profile of vap, what should be the "initial role", "mac authentication default role", & "dot1x authentication default role" be mapped with as "user roles" in order to ensure that the users on the SSID are forced to under to mac authentication?

Guru Elite
Posts: 20,785
Registered: ‎03-29-2007

Re: Configuring an open SSID with mac authetication

The initial role is what users will get if they do not pass mac authentication.  The mac authentication role is what they will get if they pass.  All devices will be mac authenticated and get the mac authentication role if they pass mac authentication.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 507
Registered: ‎05-11-2011

Re: Configuring an open SSID with mac authetication

As Coli said - initial role is the role every device that connects will be placed in, unless they pass the mac-auth and are placed in the mac-auth role.

So for your case - create a denyall role and add that as your initial-role to prevent non-authorized devices to using the network.


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Search Airheads
Showing results for 
Search instead for 
Did you mean: