Hello all,
I hope someone can help shed some light on how AAA profiles are supposed to work on the controller (7205 model) I'm using on our network.
So, I have an exisitng SSID configured so that authentication is configured to RADIUS servers, this is the main SSID for our customers. However, I also need to set up another SSID with MAC address based authentication for "special devices" and a PSK is configured as the password to authenticate with.
My issue is I believe I have got it to work, but am not sure I understand why it works.
1 - I set up the SSID with "wpa2-psk-tkip" encryption.
2 - I configured the L2 Authentication to include a new MAC authentication profile.
3 - I configured a new AAA profile and set the MAC authentication to the profile in step 2.
4 - I added a VAP profile for this SSID with the AAA profile in step 3 in the AP group.
5 - I added a test device MAC address into the "Internal DB" under Security > Authentication.
I then tried to connect to the network using this new SSID from a test device and it failed to authenticate after putting the PSK.
I eventually got it working by adding the same 802.1X authentication profile being used by the main customer SSID, as well as the same RADIUS server settings all under the AAA profile settings (in step 3).
I'm a bit confused as to why that works, I thought I shouldn't need to include any 802.1X auth for an SSID that's supposed to work only with MAC/PSK authentication.
In fact, why is MAC authentication and 802.1X authentication available to configure simultaneously in a AAA profile, shouldn't they be mutually exclusive?
Am happy to provide more details if my question needs more clarification.