Wireless Access

Reply
Occasional Contributor I

Mixed authentication question - MAC or PSK

I would like to build an SSID that does *either* MAC or WPA2-PSK authentication.  The situation is that we have very old devices (doing MAC Auth) that we'd like on the same SSID as newer devices (that do support WPA2-PSK).  I've seen the l2-auth-fail-through table and it's a little confusing.  I think it works for one of my requirements, if MAC auth fails, do PSK.  But I can't determine (because the table is vague "fail" versus "-") whether a MAC auth'd machine will be allowed on if it cannot complete PSK.

 

Thanks in advance for your help!

Guru Elite

Re: Mixed authentication question - MAC or PSK

PSK involves encryption. You could do PSK then MAC-auth, but not MAC-auth then PSK.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Mixed authentication question - MAC or PSK

I think I understand your answer, but so I understand 100% let me ask a different way. 

 

Assuming I use "l2-auth-fail-through" on a single SSID, is it possible to have the following two users associated?  One has authenticated with MAC-Auth only, the other has authenticated with WPA2-PSK only.

 

I don't need both authentication methods to ever succeed together (for a single device), I'm simply seeing if I can do one or the other on a single SSID.

 

Thanks again

Re: Mixed authentication question - MAC or PSK

There's no such thing as MAC-Auth encryption. If you stand up a WPA2-PSK SSID, that is encrypted, and ALL clients on that SSID would have to support WPA2-PSK encryption on the wireless card. My guess is from your original email, you have older devices that likely are OPEN or WEP only and currently you use MAC Filtering on an Open or WEP-based SSID. In that case, if those clients cannot do WPA2-PSK, you will need two separate SSIDs, or will have to move all clients to the lowest commonly supported WiFi encryption (Open or WEP). 

Jerrod Howard
Sr. Techical Marketing Engineer
Guru Elite

Re: Mixed authentication question - MAC or PSK

Your options on a single SSID would be:

 

    Open

    Open + MAC-Auth

    PSK

    PSK + MAC-Auth


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Mixed authentication question - MAC or PSK

Thanks for helping me out guys, much appreciated

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: