Wireless Access

Reply
Contributor II
Posts: 73
Registered: ‎03-07-2011

Multiple MAC auth databases

I would like to give out a RAP with MAC authtentication on port eth1 (RAP2WG).

My idea is to create an aaa profile with mac auth but I can not turn my head away of the fact that all other mac users in the local db would be able to authenticate on this RAP2WG.. is there a way to prevent this ? there's no such thing as multiple local db's I guess? :)

Guru Elite
Posts: 20,811
Registered: ‎03-29-2007

Re: Multiple MAC auth databases


enveekaa wrote:

I would like to give out a RAP with MAC authtentication on port eth1 (RAP2WG).

My idea is to create an aaa profile with mac auth but I can not turn my head away of the fact that all other mac users in the local db would be able to authenticate on this RAP2WG.. is there a way to prevent this ? there's no such thing as multiple local db's I guess? :)




What do you mean "all other mac users"?  You mean all other users with MAC OSX or do you mean all other users with mac addresses in the database?

 

If you mean all other users with mac addresses, what you can do is create a new mac authentication profile that has a different format, like no delimeter.  Add that new mac authentication profile to your AAA profile that you are applying to the wired port.   Enter the user you want to have access in the local database with a mac address that has no delimeter.  All other users who try to authenticate, their mac addresses will be in a different format, and they will fail.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 13
Registered: ‎01-12-2012

Re: Multiple MAC auth databases

You can setup Multiple User Derivation Rules for mac authentication.

 

Under Security, Authentication, User Rules.....

 

Setup a AAA profile for your Remote or RAP Access Points, set your intial role, and add the new user derivation rule.

 

 

===========================
Edwin Collins, ACMP-CWNA
Draeger Medical Inc - TIS-Wireless Network Specialist
===========================
Contributor II
Posts: 73
Registered: ‎03-07-2011

Re: Multiple MAC auth databases

With mac users is mean entries in de local db based on mac-address.

Guru Elite
Posts: 20,811
Registered: ‎03-29-2007

Re: Multiple MAC auth databases


enveekaa wrote:

With mac users is mean entries in de local db based on mac-address.


Allright, then please try what I suggested above.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 73
Registered: ‎03-07-2011

Re: Multiple MAC auth databases

Thanks... isn't there a more clean way to solve this?

Occasional Contributor II
Posts: 13
Registered: ‎01-12-2012

Re: Multiple MAC auth databases

It was explained to me by two ACE members the deravation rules were much cleaner to use for MAC Auth then the internal DB. Outside of that you can go with  External MAC auth servers.

 

I believe the options by joseph and myself are about the only options you have to do what you are trying to do.

 

Good luck.....

===========================
Edwin Collins, ACMP-CWNA
Draeger Medical Inc - TIS-Wireless Network Specialist
===========================
Contributor II
Posts: 73
Registered: ‎03-07-2011

Re: Multiple MAC auth databases

Ok thanks for the suggestions!
Search Airheads
Showing results for 
Search instead for 
Did you mean: