Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Aruba IAP 105, WPA2 + MAC authentication

  • 1.  Aruba IAP 105, WPA2 + MAC authentication

    Posted Mar 21, 2014 05:13 AM

    Hi,

     

    Here is the situation:

    A single IAP 105 (OS 6.2) + RADIUS (Windows 2008 Server)

     

    For the Employee WLAN, I would like to use WPA2 + MAC authentication. The WPA2 authentication is OK. I've checked "Mac authentication before 802.1X" but I can't find where to add the MAC address list. Is it on the RADIUS server? I've tried this way but it was unsuccessful: https://kb.meraki.com/knowledge_base/creating-an-nps-policy-for-mac-based-authentication

     

    How do I activate MAC authentication?

     

    Thanks in advance.

     

     

     



  • 2.  RE: Aruba IAP 105, WPA2 + MAC authentication

    EMPLOYEE


  • 3.  RE: Aruba IAP 105, WPA2 + MAC authentication

    Posted Mar 21, 2014 06:19 AM

    Thanks, but I've already done that... Even the "failthrough" doesn't work. In the logs of the NPS server:

    Reason Code: 16

    Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

     

    The user in the NPS logs is the MAC address, so I created an AD user with name & password = MAC address of the computer

    and I have the same issue with a different error code:

    Reason Code: 65

    Reason: The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.

     

    So on the NPS server I've added a policy with the condition "calling ID" as described in this article, but the issue is the same:

    http://blogs.technet.com/b/nap/archive/2006/09/08/454705.aspx

     

    I really don't know where to search...



  • 4.  RE: Aruba IAP 105, WPA2 + MAC authentication

    EMPLOYEE
    Posted Mar 21, 2014 06:24 AM

    If you are getting Reason code 65, you need to enable "Ignore user account dialin properties" in your remote access policy.