09-28-2016 10:22 PM
If I have 1 SSID, at this SSID, Can I do this as below?
1) 802.1x + Permitted MAC Address = Return Role1
2) If failed from 1) (authenticate with 802.1x only) = Return Role2
Authentication Server = Microsoft radius (NPS)
09-29-2016 02:26 AM
Yes, you can.
If you have a mac authentication profile configured in the AAA profile, mac authentication occurs first before 802.1x authentication. If you have l2-authentication-fail-through disabled in the AAA profile (default), the client will be rejected immediately if mac authentication fails. If you have l2-authentication-fail-through enabled, the client will continue onto 802.1x authentication even if mac authentication fails. http://www.arubanetworks.com/techdocs/ArubaOS_6.4.4.x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/aaa_profile.htm?Highlight=l2-auth-fail-through
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base