Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Roaming Issue --- MAC authentication

This thread has been viewed 4 times

  • 1.  Roaming Issue --- MAC authentication

    Posted Apr 22, 2014 12:07 PM

    Hello,

     

    I created a specific authentication for mobility devices : MAC authentication.

    Since I upgraded my controller from 6.1 to 6.3, I have roaming issue : impossible to keep the connection when we move on the building. We have no problem when we use another SSID.

    Do you know if we lost a specific parameter when we upgrade the controller ?

     

    Thanks in advance

    cCil



  • 2.  RE: Roaming Issue --- MAC authentication

    EMPLOYEE
    Posted Apr 22, 2014 12:13 PM

    Are you using encryption?  There is no specific issue with roaming when upgrading between those versions of code.   Are you redirecting users to a captive portal after mac authentication?



  • 3.  RE: Roaming Issue --- MAC authentication

    Posted Apr 24, 2014 05:32 AM

    Hello,

    I use wpa psk and following the mac, the client is derived to a specific vlan.
     For this SSID, I use Internal DB for the authentication server.

     

    cCil



  • 4.  RE: Roaming Issue --- MAC authentication

    Posted Apr 24, 2014 07:48 AM

    Hello,

    Someone can help me to define the best solution to configure mac address authentication :

    wpa-tkip : WPA with TKIP encryption and dynamic keys using 802.1x.
    wpa-aes : WPA with AES encryption and dynamic keys using 802.1x.
    wpa-psk-tkip : WPA with TKIP encryption using a preshared key.
    wpa-psk-aes : WPA with AES encryption using a preshared key.


    Following each solution, how can i configure aaa profile ? (with 802.1x authentication or not)

     

    I use internal DB to check all mac address and for my understanding, we need to configure 802.1x authentication with termination to do it, is it correct or not ?


    cCil



  • 5.  RE: Roaming Issue --- MAC authentication

    Posted Apr 24, 2014 08:05 AM

    If you want to do just MAC auth, you may need to choose wpa-psk-aes or wpa-psk-tkip from the above list.

     

    From AAA profile , all you need to do is to choose the mac authentication profile , mac authentication server-group & default-role.

     

    mac-autharubaos.jpg 

    Profile would be your mac address format by default it is none, server-group will be default (internal db on controller) role would be guest by default (but configurable)

     

    To do mac authentication there is no need to enable 802.1x authentication or termination as that going to be optional and required if we need to.

    When you enable 802.1x authentication on aaa profile, then first mac-auth will happen for the client followed by 802.1x authentication.

     

     

    Thank you.

     



  • 6.  RE: Roaming Issue --- MAC authentication

    Posted Apr 22, 2014 12:22 PM

    Got that. There is no roaming behavior changes on 6.3. it`s all the same. Could we do the user-debug on the controller and do the show auth-trace buf to see if there are any mac-auth issue.

     

    Thank you.