Wireless Access

Reply
Aruba
Posts: 1,643
Registered: ‎04-13-2009

Question on Connecting VIA Clients and 00:00:00:00:00:00 as MAC Address

When VIA clients connect and authenticate via IKEv1 L2TP, they connect and show up in the user table as "00:00:00:00:00:00".   First, I want to make sure this is "normal".   Second, this configuration works fine when we have a setup using Microsoft NPS as the RADIUS server.....however, the customer requires authentications be proxied through Bradford first.   When we do this Bradford balks at the request with the following message:

 

radius manager cannot process request, no valid mac address

 

We are working with Bradford on this as well, but was hoping someone could give a brief summary of why 00:00:00:00:00:00 is the connecting MAC address of the client; is it because we are dealing with a virtual adapter rather than phsyical? Is it an L2TP thing?  Aruba specific?   Any suggestions on workarounds?

 

Thanks

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Aruba
Posts: 1,643
Registered: ‎04-13-2009

Re: Question on Connecting VIA Clients and 00:00:00:00:00:00 as MAC Address

Just  follow up.  Just got off with Bradford, and they have indicated that this has been researched in the past and because Bradford does not see a valid MAC, it won't work.   For this customer, we are currently going to authenticate the user to Microsoft NPS instead.

 

A couple of follow up questions (from myself and Bradford):

- Each client has a MAC on their Aruba Virtual Adapter; is this MAC unique to each client; or are they reused in any way?

- If so, can that virtual adapter MAC be used to be passed through for the client to the controller and to RADIUS?

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Aruba Employee
Posts: 20
Registered: ‎02-02-2012

Re: Question on Connecting VIA Clients and 00:00:00:00:00:00 as MAC Address

"00:00:00:00:00:00" this MAC is by design not know the reason though. I believe since VIA/VPN is works at L3 so we dont send the MAC address.

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: