Wireless Access

Occasional Contributor II

MAC + 802.1x Authentication Policy on Controller

If I have 1 SSID, at this SSID, Can I do this as below?

1) 802.1x + Permitted MAC Address = Return Role1

2) If failed from 1) (authenticate with 802.1x only) = Return Role2


Authentication Server = Microsoft radius (NPS)

Guru Elite

Re: MAC + 802.1x Authentication Policy on Controller

Yes, you can.




If you have a mac authentication profile configured in the AAA profile, mac authentication occurs first before 802.1x authentication.  If you have l2-authentication-fail-through disabled in the AAA profile (default), the client will be rejected immediately if mac authentication fails.  If you have l2-authentication-fail-through enabled, the client will continue onto 802.1x authentication even if mac authentication fails.  http://www.arubanetworks.com/techdocs/ArubaOS_6.4.4.x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/aaa_profile.htm?Highlight=l2-auth-fail-through

Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
Search Airheads
Showing results for 
Search instead for 
Did you mean: