Wireless Access

Contributor I

Mac Authentication Problem

Hey all, I have a MAC authentication question.

I have set up a SSID and created the appropriate firewall policies (Which work) however I also want to add a layer of security with Mac Authentication.

I have MAC Auth enforced and the initial Role set to "Denyall". Basically if the MAC addy is not in the Internal DB then they should have the inital role set to them and they cannot do anything. Problem is, im testing on a computer first that is not in the Database and it is still allowing me to access whatever I would usually access (If i was authenticated)

Any help would be greatly appreciated!

Re: Mac Authentication Problem


Can you please shared your config ?


show rights <intial role>

show aaa profile <mac auth profile>

Thank you

Victor Fabian
Lead Mobility Architect @WEI
Guru Elite

Re: Mac Authentication Problem

Do you have a MAC Auth Profile and MAC Auth Server group set in your AAA profile that is configured for the virtual ap?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Mac Authentication Problem

Yes, both Mac Authentication Profile and MAC Authentication Server Group are configured.

AAA Profile Config


Initial Role: denyall


MAC Authentication Default Role: Development-Access


Enforce Machine Authentication: Yes

Community Manager

Re: Mac Authentication Problem

I have ran into situations where a device had a previous successful authentication and the controller "remembered" the device. I had to manually kick the client for the network. After that it worked normally.


Like Cappalli mentioned you will need to configure these parameters so the controller will know how to process the request and where to look for the entry.


The Server group configuration:


server group.PNG


The MAC profile configuration:


mac auth.PNG


After creating these you can apply them to your AAA profile:


appling aaa.PNG

Airheads Community - The best place to Connect. Engage. and Learn.
Guru Elite

Re: Mac Authentication Problem

You should turn off enforce machine authentication. This is only used for 802.1x with AD-joined machines.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Mac Authentication Problem


You were right, had to kick off the client and then it worked. 



Search Airheads
Showing results for 
Search instead for 
Did you mean: