Controllerless Networks

hoangnhut2 · ‎10-24-2019

Hello,

With aruba controller 7010, is it possible to configure both MAC authen and 802.1X together for 1 SSID (MAC will config/authen before on local controller, then 802.1x will authen with external radius) ?

cordless · ‎10-24-2019

Yes, that is possible, you have to configure MAC Auth in the AAA Profile.

Clients will get the MAC authentication default role if they pass 802.1x authentication AND mac authentication. If they do not pass MAC authentication, they will not be allowed to connect.

In the AAA profile if you enable "layer 2 failthrough", devices that pass 802.1x authentication, but fail MAC authentication will still get the default 802.1x role in the AAA profile and be able to pass traffic.

But why would you do MAC auth before 802.1X?
To get a more secured MAC auth I would lead with Tools like ClearPass which is doing Fingerprinting to prevent MAC spoofing.

hoangnhut2 · ‎10-25-2019

Thank, Cordless

Before that I did using IAP Instant 215 and it had feature "Perform MAC authentication before 802.1X", only one thing that on AP-215 cannot combine 802.X with external radius and MAC authen on local AP-215, required MAC have to add on the same external radius with 802.1X. So I think it the same when migrate to controller 7010.

Clearpass is the next step on our migration.

Controllerless Networks

Aruba Controller 7010 - 802.1X and MAC authentication

Re: Aruba Controller 7010 - 802.1X and MAC authentication

Re: Aruba Controller 7010 - 802.1X and MAC authentication

IAP Licenses

Instant AP DHCP with Ip helper

IAP autojoin mode - how?

IAP 93 PURGEENV Admin Password

Aruba Instant AP 105's

COTD: Boot options for controllers

COTD: SNMP events

Automated WEP key rotation ?

Upgrade problems...

Aruba voip NAT

WPA-PSK and VLAN assignment via MAC address

Cisco ACS and Aruba Radius Auth

Making DHCP mandatory on Aruba WLAN

VMware Wireless Bridging

Deploying Aruba APs over high latency links

Aruba Instant Downloads

Beta Downloads

Aruba Instant 6.4.2.6-4.1.1.10 Released 9/28/15

Re: ArubaOS Downloads

Aruba Instant 6.4.2.6-4.1.1.11 Released 11/27/2015

Remote AP Networks

Indoor 802.11n Site Survey and Planning

Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference Guide

Lync Over Aruba WiFi

AOS and CPPM – Dot1x Authentication and integration

Controllerless Networks

Aruba Controller 7010 - 802.1X and MAC authentication

Re: Aruba Controller 7010 - 802.1X and MAC authentication

Re: Aruba Controller 7010 - 802.1X and MAC authentication

Follow Us