Wireless Access

Multiple MAC auth databases

  • 1.  Multiple MAC auth databases

    Posted Jan 20, 2012 09:42 AM

    I would like to give out a RAP with MAC authentication on port eth1 (RAP2WG).

    My idea is to create an aaa profile with mac auth, but I cannot get away from the fact that all other mac users in the local db would be able to authenticate on this RAP2WG. Is there a way to prevent this? There's no such thing as multiple local db's, I guess? :)



  • 2.  RE: Multiple MAC auth databases

    EMPLOYEE
    Posted Jan 20, 2012 09:48 AM

    @enveekaa wrote:

    I would like to give out a RAP with MAC authentication on port eth1 (RAP2WG).

    My idea is to create an aaa profile with mac auth, but I cannot get away from the fact that all other mac users in the local db would be able to authenticate on this RAP2WG. Is there a way to prevent this? There's no such thing as multiple local db's, I guess? :)




    What do you mean "all other mac users"?  You mean all other users with MAC OSX or do you mean all other users with mac addresses in the database?

     

    If you mean all other users with mac addresses, what you can do is create a new mac authentication profile that has a different format, like no delimiter. Add that new mac authentication profile to your AAA profile that you are applying to the wired port. Enter the user you want to have access in the local database with a mac address that has no delimiter. All other users who try to authenticate, their mac addresses will be in a different format, and they will fail.
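
A small Python model of the delimiter approach suggested in the reply above (an added example, not part of the original thread and not Aruba code). It assumes the controller renders the client MAC in the profile's format and looks that exact string up as the username in the single shared local db; the profile names, MAC addresses and helper functions are constructed for illustration.

```python
import re

# Delimiter styles modeled here; the labels are this example's own.
DELIMS = {"none": "", "colon": ":", "dash": "-"}

def format_mac(mac, delimiter="colon", case="lower"):
    """Render a MAC as the username string a MAC auth profile would present."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    digits = digits.lower() if case == "lower" else digits.upper()
    octets = [digits[i:i + 2] for i in range(0, 12, 2)]
    return DELIMS[delimiter].join(octets)

def authenticate(client_mac, local_db, profile):
    """MAC auth succeeds only if the formatted string is a local-db username."""
    return format_mac(client_mac, **profile) in local_db

def accepted_entries(local_db, profile):
    """Audit: which local-db usernames could this profile ever match?"""
    hits = []
    for name in local_db:
        try:
            if format_mac(name, **profile) == name:
                hits.append(name)
        except ValueError:
            pass  # not a MAC-style username (e.g. a guest account)
    return sorted(hits)

# Constructed sample data: one shared local db, two MAC auth profiles.
LOCAL_DB = {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02", "001122aabb10", "guest1"}
CAMPUS = {"delimiter": "colon", "case": "lower"}     # existing MAC users
RAP_WIRED = {"delimiter": "none", "case": "lower"}   # profile for RAP2WG eth1

if __name__ == "__main__":
    for label, profile in (("campus", CAMPUS), ("rap-wired", RAP_WIRED)):
        print(label, "accepts:", accepted_entries(LOCAL_DB, profile))
    # An existing campus device plugged into the RAP port is rejected,
    # because its MAC is presented without delimiters and has no such entry.
    print(authenticate("00:11:22:aa:bb:01", LOCAL_DB, RAP_WIRED))
```

Running the audit function over an export of the local db shows which entries each profile would accept, which is the check to repeat whenever someone adds a user in the other format.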



  • 3.  RE: Multiple MAC auth databases

    Posted Jan 20, 2012 09:48 AM

    You can set up multiple User Derivation Rules for mac authentication.

     

    Under Security, Authentication, User Rules.....

     

    Set up an AAA profile for your Remote or RAP Access Points, set your initial role, and add the new user derivation rule.

     

     



  • 4.  RE: Multiple MAC auth databases

    Posted Jan 20, 2012 09:57 AM

    With mac users I mean entries in the local db based on mac-address.



  • 5.  RE: Multiple MAC auth databases

    EMPLOYEE
    Posted Jan 20, 2012 10:03 AM

    @enveekaa wrote:

    With mac users I mean entries in the local db based on mac-address.


    All right, then please try what I suggested above.



  • 6.  RE: Multiple MAC auth databases

    Posted Jan 20, 2012 10:21 AM

    Thanks... isn't there a more clean way to solve this?



  • 7.  RE: Multiple MAC auth databases

    Posted Jan 20, 2012 10:25 AM

    It was explained to me by two ACE members that the derivation rules were much cleaner to use for MAC Auth than the internal DB. Outside of that you can go with External MAC auth servers.

     

    I believe the options by joseph and myself are about the only options you have to do what you are trying to do.

     

    Good luck.....



  • 8.  RE: Multiple MAC auth databases

    Posted Jan 20, 2012 10:50 AM
    Ok thanks for the suggestions!