Original Message:
Sent: May 21, 2024 11:47 PM
From: JPuck
Subject: Aruba Central - SSID MAC whitelisting
I didn't realize you were running AOS10. AOS10 won't have the "internal server" option like AOS8. With AOS10 the only Central Only option you would have is to use CloudAuth which I prefer as it allows you to assign a user to the mac-address to help with client identification. Select "CloudAuth" and then just add your mac-addresses in Cloud Auth. This can be done via a CSV file or input one mac-addres at a time.
Original Message:
Sent: May 21, 2024 11:35 PM
From: Elliot
Subject: Aruba Central - SSID MAC whitelisting
Hi JPuck,
Thanks for your help thus far.
Issue I'm seeing is in my environment, I don't have 'InternalServer' as an option. Just Cloud Auth and our Microsoft NPS servers.
I tried the + symbol to add a server but they all require an IP address.
See my attachment.
Thank you
Original Message:
Sent: May 21, 2024 10:51 PM
From: JPuck
Subject: Aruba Central - SSID MAC whitelisting
I apologize for the confusion. There are 2 options for this that don't require an external radius server.
1. You can input the mac-addresses local to the AP's. Username and pwd of the user is the mac-address. Type has to be Employee. I've attached mac-auth-internal and mac-auth-internal2 images to show this config.
2. You can utilize CloudAuth. While this is part of the CloudAuth feature set within Central it is seperate than the Entra/Google setup. You can just add the mac-address and assign a username to the mac-address. I've attached 2 files mac-auth-cloudauth and mac-auth-cloudauth2 showing this setup.
Original Message:
Sent: May 21, 2024 10:29 PM
From: Elliot
Subject: Aruba Central - SSID MAC whitelisting
Hi JPuck,
Am I understanding the 2 options correctly?
1 - Use an internal Radius server (eg). Microsoft NPS server. In this scenario, I would have to add entries for each MAC address on the NPS server.
2 - Use an idP (eg) Azure Entra. I'd have to add the MAC addresses in Entra.
Is there no option to just do the list on the Aruba Central cloud controller?
Thank you.
Original Message:
Sent: May 21, 2024 09:10 AM
From: JPuck
Subject: Aruba Central - SSID MAC whitelisting
Under the same Advanced Settings you can select the "Primary Server" and set your Radius server and then add the Mac-addresses that you want to allow. An External server is an option but If you utilize the "IntenralServer" then you would just add the users by selecting the "Manage Users" link and add the user with the mac-add being the username and password. If you select Cloud Auth you can then add the mac-addresses under the Global-> Security->Authentication & Policy->Config->Manage MAC Registration
Original Message:
Sent: May 19, 2024 07:13 PM
From: Elliot
Subject: Aruba Central - SSID MAC whitelisting
Hello,
I want to create a SSID that is open (no PSK or certificate) and blocking all MAC addresses except the ones I whitelist.
We're using 615s in Aruba Central.
I see an option for MAC address deny listing in Device > SSID name > Security > Advanced > MAC Authentication and Deny listing but no option for whitelisting.
How do I set up a whitelist to allow certain devices to connect to a SSID but block all others no on the whitelist?
Thank you.