Wireless Access

Reply
Occasional Contributor I

how can i config mac + 802.1x + web auth

Hello~! 

I try this ....

 

A user whose ID / PW is registered in the authentication server connects to the SSID.
At this time, the user with the registered MAC address uses the Internet,
Users who do not have a mac address registered should go to the captive portal page.

 

So I set up AAA, MAC authentication, 802.1X, portal profile.
However, if the Mac authentication is denied, the captive portal page will not be displayed and the ssid connection will be disconnected.

 

aruba controller have not this option? 

When tested with the Cisco controller, it succeeded by checking 802.1x and mac filters on the L2 option and checking the On Mac filter failure on the L3 option.

 

Thank you for all the reply

Guru Elite

Re: how can i config mac + 802.1x + web auth

In your AAA profile, enabling l2-auth-fail-through will allow 802.1x to continue if mac authentication fails.  http://www.arubanetworks.com/techdocs/ArubaOS_6.4.4.x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/aaa_profile.htm?Highlight=l2-auth-fail-through



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: how can i config mac + 802.1x + web auth

Thank you for reply

i tested L2-auth-fail-through. 

using l2-auth-fail-through , user fail mac authentication . using internet by 802.1x 

but i want that if user fail mac authentication . viewing web redirection page.

also if user athenticated mac authenticaition . using internet.

 

Thank you for your interest.

Guru Elite

Re: how can i config mac + 802.1x + web auth

If you have a mac authentication profile applied to the AAA profile and a user fails mac authentication with "l2-fail-through", the user will get the default 802.1x role in the AAA profile.  If the user passes mac authentication and 802.1x authentication, the user will get the default mac authentication role.

 

If you want a user to get the captive portal when they authenticate to 802.1x successfully and fail mac auth, make the default 802.1x role in the AAA profile "xxx-logon" or whatever your guest users in the captive portal get.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: