Controllerless Networks

New Contributor

Aruba Controller 7010 - 802.1X and MAC authentication



With aruba controller 7010, is it possible to configure both MAC authen and 802.1X together for 1 SSID (MAC will config/authen before on local controller, then 802.1x will authen with external radius) ?

Aruba Employee

Re: Aruba Controller 7010 - 802.1X and MAC authentication

Yes, that is possible, you have to configure MAC Auth in the AAA Profile.


Clients will get the MAC authentication default role if they pass 802.1x authentication AND mac authentication. If they do not pass MAC authentication, they will not be allowed to connect.

In the AAA profile if you enable "layer 2 failthrough", devices that pass 802.1x authentication, but fail MAC authentication will still get the default 802.1x role in the AAA profile and be able to pass traffic.


But why would you do MAC auth before 802.1X?
To get a more secured MAC auth I would lead with Tools like ClearPass which is doing Fingerprinting to prevent MAC spoofing.

New Contributor

Re: Aruba Controller 7010 - 802.1X and MAC authentication

Thank, Cordless


Before that I did using IAP Instant 215 and it had feature "Perform MAC authentication before 802.1X", only one thing that on AP-215 cannot combine 802.X with external radius and MAC authen on local AP-215, required MAC have to add on the same external radius with 802.1X. So I think it the same when migrate to controller 7010.


Clearpass is the next step on our migration.




Search Airheads
Showing results for 
Search instead for 
Did you mean: