Wireless Access

last person joined: 5 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Aruba 7005 Controller MAC based authentication

  • 1.  Aruba 7005 Controller MAC based authentication

    Posted Jun 17, 2019 08:11 AM

    Dear All,

    Hope youre all will be doing well. We have Aruba 7005 controller OS ver 8.3. We need to enable mac authentication on our one SSID only whitelisted mac should get connected. Currently we dont have any authentication servers kindly let me know the complete steps as I am just new to Aruba. 

     

    Regards,

    Zain



  • 2.  RE: Aruba 7005 Controller MAC based authentication

    Posted Jun 17, 2019 09:01 AM


  • 3.  RE: Aruba 7005 Controller MAC based authentication

    Posted Jun 17, 2019 10:56 PM

    You actually have two ways of potentially doing this. One is to use MAC authentication and the other is to create a "user rule". With MAC authentication, you would enter the MAC address into a database, and the MAC address would be authenticated against that database, the same way a username would be looked up and authenticated. You mentioned that you do not have any authentication server, however you could use the Aruba internal database for this purpose.

     

    The other way of doing this would be to use a "user rule". If you only had a very small number of MAC addresses, then the "user rule" could work. A "user rule" is more of a filter, actually one or more filters, which can check for a match of a string. In your instance the string would be the MAC address (partial MAC addresses can be checked with user rules when looking for things like certain OUIs). With a user rule you can check if the MAC contains, ends with, equals, does not equal, or starts with a certain string of values. For each MAC address or string you want to check, you would need to define a separate condition, which can get long and cumbersome to manage (and process) if you have many MAC addresses.

     

    MAC authentication is probably the better way to go, but I wanted to make you aware of the other method and the differences.

     

    I hope this helps,