Hi cjoseph,
I do mean 802.1x with MAC auth. I am trying to configure the SSID so that stations will first attempt MAC auth.
If the MAC auth succeeds, assign role and allow station to connect.
If MAC auth fails, try 802.1x auth.
If both MAC and 802.1x auth pass, assign role based on 802.1x.
I have configured my aaa profile like this.
aaa profile "OCDSB-TEST-aaa-Profile"
   mac-server-group "internal_db"
   authentication-mac "OCDSB-TEST-MAC-Profile"
   authentication-dot1x "OCDSB-TEST-dot1x-profile"
   dot1x-default-role "authenticated"
   dot1x-server-group "OCDSB-CPPM-server-group"
   no wired-to-wireless-roam
   enforce-dhcp
   l2-auth-fail-through
I think what I may be missing is in the SSID configuration which is as follows.
wlan ssid-profile "OCDSB-TEST-ssid-prof"
   essid "OCDSBTEST"
   opmode wpa2-aes
So this leaves me with a vap-profile like...
wlan virtual-ap "OCDSB_TEST-vap-profile"
   aaa-profile "OCDSB-TEST-aaa-profile"
   ssid-profile "OCDSB-TEST-ssid-prof"
   vlan 100
   blacklist-time 1800
   auth-failure-blacklist-time 600
   band-steering