I have a deployment of 3 RAP in a branch office to do and I just want to tunneled only the authentication process to the controller (SSID in WPA2-PSK + MAC authentication), the other traffics (corp. and internet) will be bridge on the local network. How can I do that?
I want to use th bridge mode but I don't know if the MAC authentication is supported (because I saw that the authentication happened between the client and the RAP, so how can it validate the MAC address ?)
If I have to switch in split-tunnel to make it run, how can I do that ? I guess I have to define particular firewall rules but I don't know how...
Thanks for you helps.
The mac-authentication is not done on the AP. -> is sent to the controller. The controller wil use the authentication server or its local
internal database to check the mac-adres.
You can use Split-tunnel mode.
In the policy you have to create some rules.
the trafffic who match the rules with action=" permit" wil use the tunnel
the traffic who macht the rules with action = "route src-nat" wil bridge the traffic localy
I hopte this makes it a little bit clear.
Thanks. But, I think you're wrong because I've just had a test and it's working well for the bridge mode. Maybe the RAP relays the authentication request, I don't really know how...
But it's OK then ! :)
In bridge mode, there is a tunnel from the AP for 802.1x traffic. This is the only traffic that is sent to the controller when the ssid is in bridge mode. No special rules are needed. The AP automagically does that.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.