Wireless Access

Reply
New Contributor
Posts: 3
Registered: ‎11-18-2016

MAC Auth not happening for certain clients, stuck in Initial Role

I have a Hidden SSID set up for only MAC Auth. It is set up so only a specific 30 clients can connect. The SSID is open, and these clients should connect and authenticate using Internal DB.

 

Currently this setup is working great, but for some reason certain clients won't authenticate. They will connect to the SSID and get an initial role, and then nothing. I've tried deleting them and re-adding them from the internal DB. I've tried disconnecting and recoonecting them, and even deleting them from the controller. Every time they connect they end up stuck in the initial role. Meanwhile 24 or so of these client authenticate without any issue.

 

All the clients are connection to 1 of 2 aps, same group, same controller, same aaa profile, same everything.

 

Any ideas?

Guru Elite
Posts: 21,261
Registered: ‎03-29-2007

Re: MAC Auth not happening for certain clients, stuck in Initial Role

Enable user debugging for the clients that have issues:  https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=21076

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 3
Registered: ‎11-18-2016

Re: MAC Auth not happening for certain clients, stuck in Initial Role

Attached log of user specific debug.

 

This line leads me to believe the authentication is simply failing

 

Nov 30 12:32:26 :522190:  <DBUG> |authmgr|  MAC=74:72:f2:36:ec:48 IP=0.0.0.0: MAC auth fail: entry-type=L2, bssid=18:64:72:36:d1:f5.

 

However, still not sure why.

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: MAC Auth not happening for certain clients, stuck in Initial Role

Are all usernames and passwords in the internal DB setup in the same format (case and delimeter)?    For example, lowercase with colons, etc.?    Check your MAC Authentication profile for the format it is expecting and make sure the account in the internal DB is setup right. 

 

Also, what role do you have setup for the failing accounts in the internal DB?   This may be overwriting the MAC Authentication default role.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

New Contributor
Posts: 3
Registered: ‎11-18-2016

Re: MAC Auth not happening for certain clients, stuck in Initial Role

MAC profile is expecting lower case and colon.

 

Username and Password set to 74:72:f2:36:ec:48

 

User role in local database and defaul MAC Authenticated defaul role are set to the same role, so if either one is taking preference, it should be a success.

 

Only Initial role is ever given to use.

Search Airheads
Showing results for 
Search instead for 
Did you mean: