Contributor I
Posts: 79
Registered: ‎04-09-2014

I'm trying to enforce L2 security using MAC Address in conjunction with WPA2-AES, but not working

I first tried to use this procedure to test only L2 MAC address authentication, but it is not working:

http://community.arubanetworks.com/t5/Community-Tribal-Knowledge-Base/For-the-Beginner-MAC-Authentication-using-the-Controller/ta-p/32188


I notice that the controller version shown in the link is different from mine:

Mine: 6.4.2.4

My WLC is a 7030.

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: I'm trying to enforce L2 security using MAC Address in conjunction with WPA2-AES, but not workin

Are you using PSK or 802.1X authentication? 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 79
Registered: ‎04-09-2014

Re: I'm trying to enforce L2 security using MAC Address in conjunction with WPA2-AES, but not workin

Hi, I'm going to use PSK WPA2-AES.

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: I'm trying to enforce L2 security using MAC Address in conjunction with WPA2-AES, but not workin

Can you post a screenshot of your AAA profile? 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 79
Registered: ‎04-09-2014

Re: I'm trying to enforce L2 security using MAC Address in conjunction with WPA2-AES, but not workin

I deleted all the MAC configuration, but it was the same as the link I sent.

I created a MAC Auth profile in Security > Authentication > L2 Authentication with colon and lower, then the server group, ... and so on, just as the link said. Tried twice!

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: I'm trying to enforce L2 security using MAC Address in conjunction with WPA2-AES, but not workin

If the user fails MAC auth, they will be dumped into the initial role. Is that the role the device got? 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 79
Registered: ‎04-09-2014

Re: I'm trying to enforce L2 security using MAC Address in conjunction with WPA2-AES, but not workin

The user in bold is the only user added to the internal database:

 


local-userdb add username 84:3a:4b:29:19:52 password 84:3a:4b:29:19:52

 

(WLC_WIFI) #show user-table

Users
-----
    IP              MAC            Name              Role           Age(d:h:m)  Auth  VPN link  AP name  Roaming   Essid/Bssid/Phy               Profile         Forward mode  Type   Host Name
----------     ------------       ------             ----           ----------  ----  --------  -------  -------   ---------------               -------         ------------  ----   ---------
192.168.1.105  84:3a:4b:29:19:52  84:3a:4b:29:19:52  guest          00:00:59    MAC             Stock-2  Wireless  TEMPO/94:b4:0f:91:7a:f3/a-HT  TEMPO-aaa_prof  tunnel        Win 7  
192.168.0.24   6c:88:14:45:fb:cc                     authenticated  00:00:59                    Stock-2  Wireless  TEMPO/94:b4:0f:91:7a:f3/a-HT  TEMPO-aaa_prof  tunnel        Win 7  

User Entries: 2/2
 Curr/Cum Alloc:8/937 Free:5/929 Dyn:13 AllocErr:0 FreeErr:0

 

 

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: I'm trying to enforce L2 security using MAC Address in conjunction with WPA2-AES, but not workin

What is your initial-role set to?

 

What is the role you assigned to that MAC in the internal database?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 79
Registered: ‎04-09-2014

Re: I'm trying to enforce L2 security using MAC Address in conjunction with WPA2-AES, but not workin

Hi, I think that your question was the key to solving the problem I had. I set the initial role to deny all. Then when I used any machine defined in the internal database, everything worked fine. Can I define users by groups, to use some MACs for one SSID and some other MACs for a different SSID? How can I do this? By creating a new role?

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: I'm trying to enforce L2 security using MAC Address in conjunction with WPA2-AES, but not workin

No, you would need an external policy engine like ClearPass to get that granular.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
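
Added example, not part of any post in this thread and not Aruba code: a Python check over `show user-table` output that flags clients holding a role other than the deny-all initial role without `MAC` in the Auth column, as in the second row of the output posted above. The role name `denyall`, the function names and the third sample row are assumptions; the first two rows are trimmed from the thread's output.

```python
import re

# Sample trimmed to five columns of the `show user-table` layout posted in the thread.
# Rows 1-2 come from that output; row 3 is constructed.
SAMPLE = """\
IP             MAC                Name               Role           Auth
----------     ------------       ------             ----           ----
192.168.1.105  84:3a:4b:29:19:52  84:3a:4b:29:19:52  guest          MAC
192.168.0.24   6c:88:14:45:fb:cc                     authenticated
192.168.0.31   02:00:00:aa:bb:cc                     denyall
"""


def parse_user_table(text):
    """Parse the fixed-width table; blank cells (e.g. no Name) stay empty strings."""
    lines = text.splitlines()
    # The dashed rule under the header marks where each column starts.
    # Requiring several dash runs skips the single "-----" under "Users".
    rule = next(i for i, l in enumerate(lines) if re.fullmatch(r"-+(\s+-+)+\s*", l))
    starts = [m.start() for m in re.finditer(r"-+", lines[rule])]
    spans = list(zip(starts, starts[1:] + [None]))
    names = [lines[rule - 1][a:b].strip() for a, b in spans]
    rows = []
    for line in lines[rule + 1:]:
        if not line.strip():
            break  # a blank line ends the table; summary lines follow it
        rows.append({n: line[a:b].strip() for n, (a, b) in zip(names, spans)})
    return rows


def unauthenticated_with_access(rows, deny_role="denyall"):
    """Clients that did not pass MAC auth yet hold a role other than deny_role."""
    return [r for r in rows if r["Auth"] != "MAC" and r["Role"] != deny_role]


if __name__ == "__main__":
    for r in unauthenticated_with_access(parse_user_table(SAMPLE)):
        print(f"{r['MAC']} ({r['IP']}) has role '{r['Role']}' without MAC auth")
```
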