Security

Reply
Highlighted
New Contributor

Compound Authentication with WLC && FreeRADIUS

I've searched in here, as well as some Googling, and have not come up with a solution, so I'm asking.

 

I'm using FreeRADIUS 3.0.13-9, on CentOS 7.6 as an authentication server for Airwave, WLC administrative access, and 802.1X.

 

Within FR, I am using peap/mschapv2 using ntlm_auth as the back-end. I also have some post-auth going on, using ldap to poll AD for group memberships (only for NAS-IP belonging to the WLC management IPs and airwave IP).

 

I have been tasked with creating a BSSID that requires two methods of authentication: MAC and username/password. Any FreeRADIUS gurus, or Airheads that have any suggestions?

 

Thanks

Guru Elite

Re: Compound Authentication with WLC && FreeRADIUS

You can use mac authentication using the controller's local database to store the mac addresses.  :   https://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-configure-MAC-based-authentication-on-Aruba/ta-p/182430


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
New Contributor

Re: Compound Authentication with WLC && FreeRADIUS

I get that. I understand how to do one at a time: MAC or User auth. The question is about how to do both for the same BSSID.

Guru Elite

Re: Compound Authentication with WLC && FreeRADIUS

When you add a mac authentication profile to the AAA profile, BOTH are done to the same SSID.  The device must pass mac authentication before user authentication.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Guru Elite

Re: Compound Authentication with WLC

A MAC address simply a piece of authorization data.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: