Security

Hi dears ,

 

I hvae only 1 SSID I want to configure MAC authentication for Specific devices and if MAC authentication fail I want this user to auuthenticate using 802.1x through AD username and password so I have configured the below:

 

 

Creat MAC Authentciation service and Creat statict host list and make MAC authetication service to be ordered #1 and Joined CP to Domain and use binding username and password and and create 802.1x Aruba wireless Service to and use authentication server AD so till now we didn't test so kindly confirm if there is something missing or something I should make sure of?

This is not possible on wireless with 802.1X. You can use MAC address as an authorization source after successful authentication.


Thanks,
Tim

I thought that if f I used MAC Authentication service and used Static Host list as authentication source it will match only with MAC adrdress in this list and if it not exist it will check for next service which is 802.1x service so kindly update me what is the best alternative to do so?

User authenticaton has to pass then the static host list can be used for authorization.

So kindly confirm if I created on AD an OU with all MAC address as username and password and create MAC authentication service and used this AD as authentication source will this work with MAC auth Method? and next service will be 802.1x as if user MAC address doesn't exist it will hit the next service which is 802.1x and use normal AD user name and password?

i believe that the problem is that your wireless controller won't do either MAC auth or dot1x. with aruba  you can get it to do both. but then both have to succeed. if one fails then there no access. it doesn't work like one fails, fallback to the other.

What about the opposite scenario, with wireless dot1x setup to say LDAP, if the LDAP check fails could you do a MAC-auth as second check? In this case you would have the client MAC address from the failed LDAP check.