I have a case where I would like to authenticate some devices that can't speak RADIUS, with MAC-Auth instead. I have both profiles enabled in my AAA-profile and i can see in the logs that the device passes MAC-Auth, but then continuing on failing the 802.1X Auth.
To my question:
Is it possible to make a solution where if MAC-Auth passes, the authentication process won't continue to 802.1x? In other word: If either MAC-Auth OR 802.1x-Auth passes, user gets authenticated.
Thanks in advice!
To extend on that; what you ask can be done on wired. Just not on wireless.
The main reason for that WPA2-Enterprise does in addition to the 802.1X authentication the setup of the encryption keys in the same procedure. So if you have not done authentication, you cannot setup the encryption. Unfortunately there is no fallback for WPA2 (without encryption) if authentication fails, like with wired.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.