Wireless Access

last person joined: 12 minutes ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

802.1x to mac authentication fallback

Jump to Best Answer
  • 1.  802.1x to mac authentication fallback

    Posted Nov 17, 2016 07:42 PM

    Hi,

     

    We have 7210 controller with latest AOS.

    How can we achieve 802.1x to mac address authentication fallback(without radius) for single SSID on controller.

    Some more detail : suppose user is not able to login using 802.1x(credential) and his mac address present in controller local database then that user should get access. or vice versa.

     

    Thank you..

     

     



  • 2.  RE: 802.1x to mac authentication fallback

    Posted Nov 17, 2016 07:45 PM
    Successful 802.1x authentication is required to allow any user onto a 802.1x ssid as per the standard. Failure means no connection is allowed.


  • 3.  RE: 802.1x to mac authentication fallback

    Posted Nov 18, 2016 06:31 AM

    Hmm.. I might be misunderstanding the question but I´m pretty sure I´ve done what you´re asking for with l2-auth-fail-through. This won´t work if the client "fails" 802.1X though, might be the same if the radius request times out. You want to protect yourself from RADIUS server failure with this or what´s the purpose?

     

    From the user guide:

    l2-auth.JPG

     

    Will that work for you?

     

    Cheers,



  • 4.  RE: 802.1x to mac authentication fallback

    Posted Nov 18, 2016 08:53 AM

    "Some more detail : suppose user is not able to login using 802.1x(credential) and his mac address present in controller local database then that user should get access. or vice versa."

     

    If the user is not able to login using 802.1x, the user will not get on the network, regardless of the configuration..



  • 5.  RE: 802.1x to mac authentication fallback
    Best Answer

    Posted Nov 17, 2016 07:45 PM
    This is not possible. 802.1X cannot be combined with other authentication
    methods. MAC address can be used during authorization with 802.1X.