We are implementing an Aruba deployment to one of our clients.
The client has Cisco WLAN controllers with SSIDs using WPA2 with MAC filtering. On those controllers they added the Active Directory as a RADIUS server to validate that the MAC address exists on a specific list of MAC.
So they are asking us to configure that on our Aruba Controllers. I have added the AD server as Radius server under Authentication tab and I have enabled MAC authentication on the WLAN wizard. I know that MAC filtering isn't secure and will not scale well but that is what our customer wants.
So I want to know if we can implement that.
Thank you in advance.
So you are creating AD accounts for each MAC address?
Yes, an account for each MAC.
The AAA profile on the Aruba Controller has a mac authentication profile. You need to make sure that the case and delimeter in that profile match what is in AD. Also, the controller expects the username and password to be the mac address when pointed to that radius server. Lastly, the radius server will need to have PAP enabled to successfully authenticate mac addresses.
I would so anything to steer the customer to something like 802.1x instead of going through this exercise.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.