Needing a little clarification.
We apply 802.1x role for our corporate network. My question is the INITIAL role is just set to logon and MAC set to guest as this is the default setting. Should I be changed this or editing anything in this ?
A couple of mac users have complained the odd time they get re-directed to the secure aruba networks captive portal - even though this is not enabled on our controller. However after a little digging I noticed macbooks by default have ipv6 set to automatic. Also as part of the logon role there is an IPv6 redirect proxy to the captive portal - if the user fails to authenticate on a mac I am assuming they fall back on to the initial role which is logon and then it goes down the line of the captive portal. Does this make sense? Any way I can stop this ?
Have you tried creating a new user role and mapping it to the initial role?
ip access list session 802.1X_initial
any any any permit
access list session 802.1X_initial
Map this role to the initial role for 802.1x
--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.--Problem Solved? Click "Accepted Solution" in a post.
Could i just for the corporate network set the INITIAL and MAC roles to a role i create myself basically saying:
Any any deny
And the only role that permits clients to be the 802.1x role?
Are you seeing an option to set the default mac role to default from the drop down instead of guest?
If not just create an ACL for deny and map it only to mac default role.
However map any any any permit to 802.1x initial role.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.