
Occasional Contributor II

Setting up MAC authentication.

I've set up MAC authentication on an SSID intended for user-owned devices.  I have not configured any security since my intention is to allow only authorized MACs to connect and use the SSID in question.

My understanding is that one needs to enable MAC authentication, choose InternalServer, and then add MAC address as username and password in the internal server database for each device I wish to allow.

I'm finding that clients can connect even though I have not added their MAC addresses to the database.

This is IAP firmware

There are 4 access rules in this order:

Allow DNS to All

Allow http to All

Allow https to All

Deny Any to All

Guru Elite

Re: Setting up MAC authentication.

Did you put MAC addresses with no delimiter in the internal database?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
Occasional Contributor II

Re: Setting up MAC authentication.

That is correct, no delimiter; uppercase support disabled; blacklisting disabled.

Contributor II

Re: Setting up MAC authentication.

What is the initial role in the AAA profile? Configure a policy called "DENYALL-POL" (any any any drop) and create a role called "DENYALL-ROLE". Assign DENYALL-POL to DENYALL-ROLE. Set this role as the initial role.


Configure the Default MAC Authentication role as whatever role you like. A device should get the Default MAC auth role if everything else is configured right.

Super Contributor II

Re: Setting up MAC authentication.

Below is the configuration which I have done


!! Create MAC Authentication Profile
!! Create Server Group and add server in it
!! Create AAA profile and add Server Group & MAC Authentication profile in it
!! create ssid profile
!! create  vap and Assign AAA & ssid profile to VAP
!! create AP group and add VAP into it

aaa authentication mac "MAC-Athentication-Profile"
  delimiter colon
  max-authentication-failures 0

aaa server-group "MAC-Authentication-ServerGroup"
  auth-server "Internal" position 1

aaa profile "MAC-Authentication-AAA-Profile"
  mac-default-role authenticated
  initial-role logon
  mac-server-group "MAC-Authentication-ServerGroup"
  authentication-mac "MAC-Athentication-Profile"
  authentication-dot1x "default"

wlan ssid-profile "MAC-Authentication-SSID-Profile"
  essid MAC-Authentication
  wpa-passphrase murad123
  opmode wpa2-psk-aes

wlan virtual-ap "MAC-Authentication-VAP-Profile"
  vlan 1
  aaa-profile "MAC-Authentication-AAA-Profile"
  ssid-profile "MAC-Authentication-SSID-Profile"

ap system-profile "MAC-Authentication-APSystemProfile"

ap-group "AP-Group"
  virtual-ap "MAC-Authentication-VAP-Profile"

Thanks & Regards
Syed Murad Ali
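
Added example, not part of any post in this thread and not vendor code: a small Python helper that turns a device inventory in mixed notations into username/password pairs for the internal database, formatted to match the MAC authentication profile's delimiter and case settings (no delimiter and lowercase in the original poster's setup, colon in the last configuration). The function names, the "dash" style and the sample addresses are assumptions made for illustration.

```python
import re

# Delimiter styles: "none" and "colon" appear in the thread; "dash" is an assumed extra.
DELIMS = {"none": "", "colon": ":", "dash": "-"}
HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize(raw):
    """Strip common separators and return 12 lowercase hex digits, or raise."""
    digits = re.sub(r"[:\-.\s]", "", raw).lower()
    if not HEX12.match(digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits


def credential(raw, delimiter="none", upper=False):
    """Username/password string for one device under the given profile settings."""
    digits = normalize(raw)
    octets = [digits[i:i + 2] for i in range(0, 12, 2)]
    text = DELIMS[delimiter].join(octets)
    return text.upper() if upper else text


def build_entries(inventory, delimiter="none", upper=False):
    """Return (entries, rejected): unique credentials in input order, plus bad lines."""
    entries, rejected, seen = [], [], set()
    for raw in inventory:
        try:
            cred = credential(raw, delimiter, upper)
        except ValueError:
            rejected.append(raw)
            continue
        if cred not in seen:
            seen.add(cred)
            entries.append({"username": cred, "password": cred})
    return entries, rejected


# Constructed sample inventory (not real devices), in mixed notations.
SAMPLE = ["AA:BB:CC:00:11:22", "aabb.cc00.1122", "aa-bb-cc-00-11-33", "aabbcc0011"]

if __name__ == "__main__":
    for style in ("none", "colon"):
        entries, rejected = build_entries(SAMPLE, delimiter=style)
        print(style, [e["username"] for e in entries], "rejected:", rejected)
```

Rejected lines are returned rather than silently dropped, so a mistyped address in the inventory is visible before the database is populated.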