Security

Reply
Occasional Contributor II

Failed MAC AUTH

I finally think I have beat the Appl CNA issue I have been having. Now I want to fix my metrics as MAC AUTH is throwing a ton of Failed Authentications and I dont really want to see a Failure on a device that has NEVER been connected before. Now if I get a MAC AUTH failure on a known endpoint, that would be good to have in the log. 

 

Maybe I can AUTH the unknowns and put them in the login role. But a pass most likely wouldn't jump to the User Auth with Mac Cacheing right?

Guru Elite

Re: Failed MAC AUTH

Allow All MAC Auth should always be used with any MAC auth workflow to drop the device into either a profile or splash role.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Failed MAC AUTH

So i have Allow All MAC AUTH as the Authentication Method. Are you saying instead of "Deny Access Profile" on the Default Profile for the Enforcement Policy, I should pick the guest-login role?

Guru Elite

Re: Failed MAC AUTH

Yes, create a new enforcement profile that returns your splash or profile role.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Failed MAC AUTH

Thank you, this Apple CNA has been stressing me and I finally seem to have it working. 300 person event tomorrow will be the true test. Wish I could remove all those thousands of failed auths to help the metrics, but I may let time average it out and use it for future reference.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: