Wireless Access

Reply
Occasional Contributor I
Posts: 7
Registered: ‎05-11-2012

Roaming Issue --- MAC authentication

Hello,

 

I created a specific authentication for mobility devices : MAC authentication.

Since I upgraded my controller from 6.1 to 6.3, I have roaming issue : impossible to keep the connection when we move on the building. We have no problem when we use another SSID.

Do you know if we lost a specific parameter when we upgrade the controller ?

 

Thanks in advance

cCil

Guru Elite
Posts: 20,785
Registered: ‎03-29-2007

Re: Roaming Issue --- MAC authentication

Are you using encryption?  There is no specific issue with roaming when upgrading between those versions of code.   Are you redirecting users to a captive portal after mac authentication?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba
Posts: 233
Registered: ‎11-19-2009

Re: Roaming Issue --- MAC authentication

Got that. There is no roaming behavior changes on 6.3. it`s all the same. Could we do the user-debug on the controller and do the show auth-trace buf to see if there are any mac-auth issue.

 

Thank you.

Occasional Contributor I
Posts: 7
Registered: ‎05-11-2012

Re: Roaming Issue --- MAC authentication

Hello,

I use wpa psk and following the mac, the client is derived to a specific vlan.
 For this SSID, I use Internal DB for the authentication server.

 

cCil

Occasional Contributor I
Posts: 7
Registered: ‎05-11-2012

Re: Roaming Issue --- MAC authentication

Hello,

Someone can help me to define the best solution to configure mac address authentication :

wpa-tkip : WPA with TKIP encryption and dynamic keys using 802.1x.
wpa-aes : WPA with AES encryption and dynamic keys using 802.1x.
wpa-psk-tkip : WPA with TKIP encryption using a preshared key.
wpa-psk-aes : WPA with AES encryption using a preshared key.


Following each solution, how can i configure aaa profile ? (with 802.1x authentication or not)

 

I use internal DB to check all mac address and for my understanding, we need to configure 802.1x authentication with termination to do it, is it correct or not ?


cCil

Aruba
Posts: 233
Registered: ‎11-19-2009

Re: Roaming Issue --- MAC authentication

If you want to do just MAC auth, you may need to choose wpa-psk-aes or wpa-psk-tkip from the above list.

 

From AAA profile , all you need to do is to choose the mac authentication profile , mac authentication server-group & default-role.

 

mac-autharubaos.jpg 

Profile would be your mac address format by default it is none, server-group will be default (internal db on controller) role would be guest by default (but configurable)

 

To do mac authentication there is no need to enable 802.1x authentication or termination as that going to be optional and required if we need to.

When you enable 802.1x authentication on aaa profile, then first mac-auth will happen for the client followed by 802.1x authentication.

 

 

Thank you.

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: