Security

Reply
Highlighted
New Contributor

Compound Authentication with WLC && FreeRADIUS

I've searched in here, as well as some Googling, and have not come up with a solution, so I'm asking.

 

I'm using FreeRADIUS 3.0.13-9, on CentOS 7.6 as an authentication server for Airwave, WLC administrative access, and 802.1X.

 

Within FR, I am using peap/mschapv2 using ntlm_auth as the back-end. I also have some post-auth going on, using ldap to poll AD for group memberships (only for NAS-IP belonging to the WLC management IPs and airwave IP).

 

I have been tasked with creating a BSSID that requires two methods of authentication: MAC and username/password. Any FreeRADIUS gurus, or Airheads that have any suggestions?

 

Thanks


Accepted Solutions
Highlighted
Guru Elite

Re: Compound Authentication with WLC && FreeRADIUS

When you add a mac authentication profile to the AAA profile, BOTH are done to the same SSID.  The device must pass mac authentication before user authentication.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide

View solution in original post


All Replies
Highlighted
Guru Elite

Re: Compound Authentication with WLC && FreeRADIUS

You can use mac authentication using the controller's local database to store the mac addresses.  :   https://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-configure-MAC-based-authentication-on-Aruba/ta-p/182430


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
New Contributor

Re: Compound Authentication with WLC && FreeRADIUS

I get that. I understand how to do one at a time: MAC or User auth. The question is about how to do both for the same BSSID.

Highlighted
Guru Elite

Re: Compound Authentication with WLC && FreeRADIUS

When you add a mac authentication profile to the AAA profile, BOTH are done to the same SSID.  The device must pass mac authentication before user authentication.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide

View solution in original post

Highlighted
Moderator

Re: Compound Authentication with WLC

A MAC address simply a piece of authorization data.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: