Wireless Access

Reply
Frequent Contributor I
Posts: 75
Registered: ‎07-03-2013

Problem in MAC based Authentication.

AAA Mac role.jpg

 

 

i want to know, which role i have to select in the internal db, logon or authentication ?

 

Internal DB role.jpg

 

 

Now the Major Problem is, I have entered the username/password MAC in the internal db and also the enable the this user, sometimes this user is able and sometimes unable to browse and when i disable this user it still able to browse.

 

I disabled this user, after 30 secs i have again enabled this user , now is there any  specific time period when user session is proper established  again and able to browse ? because after 30 secs i am unable to browse. 

 

 

Untitled.jpg

 

 

kindly help me in this regard

 

 

Aruba
Posts: 233
Registered: ‎11-19-2009

Re: Problem in MAC based Authentication.

The best way to configure the initial role for mac authentication is "Denyall" role. Create the customized role and write the acl "any any any deny" so that if the user failed the mac authentication; will not be able to pass any traffic until the mac address being authenticated against the internal db of the controller.

 

Normally, by default when the mac-auth failts you will go to logon role which contains the captive portal acl for the user to get the redirection CP page. Again logon role should contatin the captive portal mapped to it in order to avoid the "web authentication disabled" message. 

 

It depends on what you want. Either you can force them to put the user on logon when the mac auth fail  or place the user on denyall role to block all traffic.

 

Hope this helps. Thank you.

Super Contributor II
Posts: 354
Registered: ‎09-26-2012

Re: Problem in MAC based Authentication.

Hi Sriram,

Thanks for the valuable information. I have facing the same problem
we have implemented MAC based authentication with initial role "logon" so that if mac authentication is failed the user is redirected to captive portal page.
In our case when mac authentication failed the user get CP page properly and when it enter "Email address" ( we we have applied only guest login) the same page of web authentication is disable has shown although user gets authentication role and start using service but whenever a user user sees CP page it always see web authenticated page for a moment.

Please also note that we have disable welcome page as well
Please advice how to resolve this issyu.
Thanks & Regards
Syed Murad Ali
ACMP ACMA CCNA
Frequent Contributor I
Posts: 75
Registered: ‎07-03-2013

Re: Problem in MAC based Authentication.

Thanxx sriram...

 

 

find a solution by your support :)

Search Airheads
Showing results for 
Search instead for 
Did you mean: