Wireless Access

 View Only
last person joined: 3 days ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Expand all | Collapse all

MAC authentication not working properly - 9240 Gateway version 8.10.06

This thread has been viewed 10 times
  • 1.  MAC authentication not working properly - 9240 Gateway version 8.10.06

    Posted May 25, 2023 09:12 AM

    Hello Team,

    I'm running into an issue with mac authentication enabled ssid. We have aruba 9240 gateway running 8.10.0.6 software. 

    All client's mac addresses are added to the local db and should be assigned guest role after authentication, and deny all before. This scenario is working properly for some users where they are being able to connect, but not the case for other users, the client is not being  able to connect although his mac address is added to the db. from gui dashboard, the client is always stuck on the denyall role, i tried blacklisting the user then whitelisting him again, also tried to remove his mac then readding it, lastly i reconfigured the aaa profile for this ssid and in the initial role i changed from denyall to authenticated role just for test, but still when the client connects the controller is assigning him a denyall role as if this is cached somewhere. Any advice on this ? and it is happening to several devices not just one ... 



  • 2.  RE: MAC authentication not working properly - 9240 Gateway version 8.10.06

    Posted Jun 26, 2023 05:57 AM

    How initial roles work, and the L2-fallthrough for different types of authentication may be confusing the first time. That's also why it's covered in the official trainings. Easiest would be to work with your partner or Aruba Support, as when you try to make it work but don't exactly understand how it works you may end up with an insecure configuration. It looks like the mac address is not authenticated at all, and that would be the first thing to find out. It can be the format of the mac address (delimiter) or that the password is not the same is the username, or that the internal database is not even queried.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------