Wireless Access

last person joined: 19 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Initial, mac and 802.1x roles

  • 1.  Initial, mac and 802.1x roles

    Posted Sep 25, 2019 04:25 AM

    Hi,


    Needing a little clarification.

     

    We apply 802.1x role for our corporate network.  My question is the INITIAL role is just set to logon and MAC set to guest as this is the default setting.  Should I be changed this or editing anything in this ?


    A couple of mac users have complained the odd time they get re-directed to the secure aruba networks captive portal - even though this is not enabled on our controller.  However after a little digging I noticed macbooks by default have ipv6 set to automatic.  Also as part of the logon role there is an IPv6 redirect proxy to the captive portal - if the user fails to authenticate on a mac I am assuming they fall back on to the initial role which is logon and then it goes down the line of the captive portal.  Does this make sense? Any way I can stop this ?

     

    Thanks

    Scott



  • 2.  RE: Initial, mac and 802.1x roles

    Posted Sep 25, 2019 10:10 AM

    Have you tried creating a new user role and mapping it to the initial role?

     

    ip access list session 802.1X_initial

    any any any permit

     

    user-role corporate_initial

    access list session 802.1X_initial

     

    Map this role to the initial role for 802.1x

     

    --Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
    --Problem Solved? Click "Accepted Solution" in a post.




  • 3.  RE: Initial, mac and 802.1x roles

    Posted Sep 25, 2019 10:57 AM

    Could i just for the corporate network set the INITIAL and MAC roles to a role i create myself basically saying:

     

    Any any deny


    And the only role that permits clients to be the 802.1x role?

     

    Thanks



  • 4.  RE: Initial, mac and 802.1x roles

    Posted Sep 25, 2019 11:06 AM

    Are you seeing an option to set the default mac role to default from the drop down instead of guest?

     

    If not just create an ACL for deny and map it only to mac default role.

     

    However map any any any permit to 802.1x initial role.

     

     

    --Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
    --Problem Solved? Click "Accepted Solution" in a post.