Wireless Access

Reply
Regular Contributor II
Posts: 232
Registered: ‎03-14-2012

Tunnel Nodes on MAS

Hello All,

 

I know what Tunnel Node does, however, can some please provide some insight into how it works.

 

So if I have all my Security Policies and Authentication profiles on the Mobility Controller, how can I tell which of the Policies is applied to the Tunnel Node Port on the MAS.

 

For example, if I have 802.1X and Captive Portal Authentication built on the Mobility Controller. Which of these Authentications will be applied to the Tunnel Node Port?

Guru Elite
Posts: 8,649
Registered: ‎09-08-2010

Re: Tunnel Nodes on MAS

[ Edited ]

Hi,

 

Both of those mechanisms can be appled to a tunneled node port. The AAA function is based off of what you apply in the aaa authentication wired profile on the controller.

 

If you run a show aaa authentication wired command on the controller, it will show you the aaa profile that is assigned.

 

 

(WLC-3600) #show aaa authentication wired

Wired Authentication Profile

----------------------------

Parameter    Value

---------            -----

AAA Profile  default

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor II
Posts: 232
Registered: ‎03-14-2012

Re: Tunnel Nodes on MAS


cappalli wrote:

Hi,

 

Both of those mechanisms can be appled to a tunneled node port. The AAA function is based off of what you apply in the aaa authentication wired profile on the controller.

 

If you run a show aaa authentication wired command on the controller, it will show you the aaa profile that is assigned.

 

 

(WLC-3600) #show aaa authentication wired

Wired Authentication Profile

----------------------------

Parameter    Value

---------            -----

AAA Profile  default

 


Thanks Tim. However, it seems that I have to apply the aaa authentication wired profile to either 802.1X or Captive Portal. Is that correct?

 

If so, that means you can only do one or the other and not both on a per Port basis. Correct?

 

Guru Elite
Posts: 8,649
Registered: ‎09-08-2010

Re: Tunnel Nodes on MAS

Are you trying to do 802.1X with captive portal fall back?

 

Sent from my BlackBerry Z10


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor II
Posts: 232
Registered: ‎03-14-2012

Re: Tunnel Nodes on MAS

Yes I am.

Guru Elite
Posts: 8,649
Registered: ‎09-08-2010

Re: Tunnel Nodes on MAS

You should be able to put the captive portal logon role as the initial role in the AAA profile so if 1X fails, they will be dumped into the initial role.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor II
Posts: 232
Registered: ‎03-14-2012

Re: Tunnel Nodes on MAS

Good idea.

 

Will give that a shot.

 

Thx.

Search Airheads
Showing results for 
Search instead for 
Did you mean: