Wireless Access

Reply
Contributor I
Posts: 25
Registered: ‎01-31-2014

Mac Authentication Problem

Hey all, I have a MAC authentication question.

I have set up a SSID and created the appropriate firewall policies (Which work) however I also want to add a layer of security with Mac Authentication.

I have MAC Auth enforced and the initial Role set to "Denyall". Basically if the MAC addy is not in the Internal DB then they should have the inital role set to them and they cannot do anything. Problem is, im testing on a computer first that is not in the Database and it is still allowing me to access whatever I would usually access (If i was authenticated)

Any help would be greatly appreciated!

MVP
Posts: 4,266
Registered: ‎07-20-2011

Re: Mac Authentication Problem

 

Can you please shared your config ?

 

show rights <intial role>

show aaa profile <mac auth profile>

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Guru Elite
Posts: 8,446
Registered: ‎09-08-2010

Re: Mac Authentication Problem

Do you have a MAC Auth Profile and MAC Auth Server group set in your AAA profile that is configured for the virtual ap?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 25
Registered: ‎01-31-2014

Re: Mac Authentication Problem

Yes, both Mac Authentication Profile and MAC Authentication Server Group are configured.


AAA Profile Config

 

Initial Role: denyall

 

MAC Authentication Default Role: Development-Access

 

Enforce Machine Authentication: Yes

Community Administrator
Posts: 2,254
Registered: ‎12-03-2013

Re: Mac Authentication Problem

[ Edited ]

I have ran into situations where a device had a previous successful authentication and the controller "remembered" the device. I had to manually kick the client for the network. After that it worked normally.

 

Like Cappalli mentioned you will need to configure these parameters so the controller will know how to process the request and where to look for the entry.

 

The Server group configuration:

 

server group.PNG

 

The MAC profile configuration:

 

mac auth.PNG

 

After creating these you can apply them to your AAA profile:

 

appling aaa.PNG

CWNA, ACMP, Security +
Guru Elite
Posts: 8,446
Registered: ‎09-08-2010

Re: Mac Authentication Problem

You should turn off enforce machine authentication. This is only used for 802.1x with AD-joined machines.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 25
Registered: ‎01-31-2014

Re: Mac Authentication Problem

Jamie, 

You were right, had to kick off the client and then it worked. 

 

Thanks!!!!

Search Airheads
Showing results for 
Search instead for 
Did you mean: