Wireless Access

Occasional Contributor II

MAC + 802.1x Authentication Policy on Controller

If I have 1 SSID, at this SSID, Can I do this as below?

1) 802.1x + Permitted MAC Address = Return Role1

2) If failed from 1) (authenticate with 802.1x only) = Return Role2


Authentication Server = Microsoft radius (NPS)

Guru Elite

Re: MAC + 802.1x Authentication Policy on Controller

Yes, you can.




If you have a mac authentication profile configured in the AAA profile, mac authentication occurs first before 802.1x authentication.  If you have l2-authentication-fail-through disabled in the AAA profile (default), the client will be rejected immediately if mac authentication fails.  If you have l2-authentication-fail-through enabled, the client will continue onto 802.1x authentication even if mac authentication fails.  http://www.arubanetworks.com/techdocs/ArubaOS_6.4.4.x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/aaa_profile.htm?Highlight=l2-auth-fail-through

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: