Occasional Contributor II

MAC-Authentication and 802.1x Auth / either or?



I have a case where I would like to authenticate some devices that can't speak RADIUS, with MAC-Auth instead. I have both profiles enabled in my AAA-profile and I can see in the logs that the device passes MAC-Auth, but then continues on and fails the 802.1X Auth.


To my question:


Is it possible to make a solution where if MAC-Auth passes, the authentication process won't continue to 802.1X? In other words: if either MAC-Auth OR 802.1X-Auth passes, the user gets authenticated.


Thanks in advance!


Guru Elite

Re: MAC-Authentication and 802.1x Auth / either or?

You cannot do non-802.1X and 802.1X on the same SSID.

The common scenario is:

802.1X SSID

Open w/ MAC-Auth SSID (serves guests and MAC-auth devices)

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

Re: MAC-Authentication and 802.1x Auth / either or?

To extend on that; what you ask can be done on wired. Just not on wireless.


The main reason for that is that WPA2-Enterprise, in addition to the 802.1X authentication, does the setup of the encryption keys in the same procedure. So if you have not done authentication, you cannot set up the encryption. Unfortunately there is no fallback for WPA2 (without encryption) if authentication fails, like with wired.

If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
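Added example, not part of the original thread or any Aruba code: a sketch of the standard IEEE 802.11 pairwise key derivation for WPA2-Enterprise with CCMP, showing why a client that only passed MAC-Auth has nothing to build encryption keys from. The MSK, MAC addresses and nonces are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
from typing import Dict, Optional

LABEL = b"Pairwise key expansion"  # label defined by IEEE 802.11 for the PTK


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(msk: Optional[bytes], aa: bytes, spa: bytes,
               anonce: bytes, snonce: bytes) -> Dict[str, bytes]:
    """Derive the CCMP pairwise keys used by the 4-way handshake.

    msk is the key exported by a successful EAP exchange; None models a
    client that only passed MAC-Auth and never ran 802.1X.
    """
    if msk is None:
        raise ValueError("no MSK: 802.1X did not complete, so there is no PMK")
    pmk = msk[:32]  # PMK is the first 256 bits of the EAP MSK
    data = (min(aa, spa) + max(aa, spa) +
            min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, LABEL, data, 48)  # 384-bit PTK for CCMP
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


# Constructed sample values (not taken from any real capture).
SAMPLE_MSK = bytes(range(64))
AA = bytes.fromhex("020000000001")    # authenticator (AP) MAC
SPA = bytes.fromhex("020000000002")   # supplicant (client) MAC
ANONCE = bytes([0xA5]) * 32
SNONCE = bytes([0x5A]) * 32

if __name__ == "__main__":
    keys = derive_ptk(SAMPLE_MSK, AA, SPA, ANONCE, SNONCE)
    print("802.1X client TK:", keys["TK"].hex())
    try:
        derive_ptk(None, AA, SPA, ANONCE, SNONCE)
    except ValueError as err:
        print("MAC-Auth-only client:", err)
```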