04-22-2014 09:06 AM
I created a specific authentication for mobility devices : MAC authentication.
Since I upgraded my controller from 6.1 to 6.3, I have roaming issue : impossible to keep the connection when we move on the building. We have no problem when we use another SSID.
Do you know if we lost a specific parameter when we upgrade the controller ?
Thanks in advance
04-22-2014 09:13 AM
Are you using encryption? There is no specific issue with roaming when upgrading between those versions of code. Are you redirecting users to a captive portal after mac authentication?
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
04-22-2014 09:22 AM
Got that. There is no roaming behavior changes on 6.3. it`s all the same. Could we do the user-debug on the controller and do the show auth-trace buf to see if there are any mac-auth issue.
04-24-2014 04:48 AM
Someone can help me to define the best solution to configure mac address authentication :
wpa-tkip : WPA with TKIP encryption and dynamic keys using 802.1x.
wpa-aes : WPA with AES encryption and dynamic keys using 802.1x.
wpa-psk-tkip : WPA with TKIP encryption using a preshared key.
wpa-psk-aes : WPA with AES encryption using a preshared key.
Following each solution, how can i configure aaa profile ? (with 802.1x authentication or not)
I use internal DB to check all mac address and for my understanding, we need to configure 802.1x authentication with termination to do it, is it correct or not ?
04-24-2014 05:05 AM
If you want to do just MAC auth, you may need to choose wpa-psk-aes or wpa-psk-tkip from the above list.
From AAA profile , all you need to do is to choose the mac authentication profile , mac authentication server-group & default-role.
Profile would be your mac address format by default it is none, server-group will be default (internal db on controller) role would be guest by default (but configurable)
To do mac authentication there is no need to enable 802.1x authentication or termination as that going to be optional and required if we need to.
When you enable 802.1x authentication on aaa profile, then first mac-auth will happen for the client followed by 802.1x authentication.