Wireless Access

last person joined: 12 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

MAC filtering based on Active Directory list

This thread has been viewed 2 times

  • 1.  MAC filtering based on Active Directory list

    Posted Jul 18, 2018 11:09 AM

    Hi community

     

    We are implementing an Aruba deployment to one of our clients.

     

    The client has Cisco WLAN controllers with SSIDs using WPA2 with MAC filtering. On those controllers they added the Active Directory as a RADIUS server to validate that the MAC address exists on a specific list of MAC.

     

    So they are asking us to configure that on our Aruba Controllers. I have added the AD server as Radius server under Authentication tab and I have enabled MAC authentication on the WLAN wizard. I know that MAC filtering isn't secure and will not scale well but that is what our customer wants.

     

    So I want to know if we can implement that.

     

    Thank you in advance.



  • 2.  RE: MAC filtering based on Active Directory list

    EMPLOYEE
    Posted Jul 18, 2018 11:11 AM

    So you are creating AD accounts for each MAC address?



  • 3.  RE: MAC filtering based on Active Directory list

    Posted Jul 18, 2018 11:21 AM

    Yes, an account for each MAC.



  • 4.  RE: MAC filtering based on Active Directory list
    Best Answer

    EMPLOYEE
    Posted Jul 18, 2018 07:53 PM

    The AAA profile on the Aruba Controller has a mac authentication profile.  You need to make sure that the case and delimeter  in that profile match what is in AD.  Also, the controller expects the username and password to be the mac address when pointed to that radius server.  Lastly, the radius server will need to have PAP enabled to successfully authenticate mac addresses.

     

    I would so anything to steer the customer to something like 802.1x instead of going through this exercise.