Wireless Access

Reply
Occasional Contributor II
Posts: 15
Registered: ‎06-12-2015

MAC + 802.1x Authentication Policy on Controller

If I have 1 SSID, at this SSID, Can I do this as below?

1) 802.1x + Permitted MAC Address = Return Role1

2) If failed from 1) (authenticate with 802.1x only) = Return Role2

 

Authentication Server = Microsoft radius (NPS)

Guru Elite
Posts: 21,031
Registered: ‎03-29-2007

Re: MAC + 802.1x Authentication Policy on Controller

Yes, you can.

 

http://www.arubanetworks.com/techdocs/ArubaOS_6.4.4.x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/MAC_Authentication/Configuring_MAC_Based_Au.htm#mac_authentication_3812164677_1037542

 

If you have a mac authentication profile configured in the AAA profile, mac authentication occurs first before 802.1x authentication.  If you have l2-authentication-fail-through disabled in the AAA profile (default), the client will be rejected immediately if mac authentication fails.  If you have l2-authentication-fail-through enabled, the client will continue onto 802.1x authentication even if mac authentication fails.  http://www.arubanetworks.com/techdocs/ArubaOS_6.4.4.x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/aaa_profile.htm?Highlight=l2-auth-fail-through



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: