Hello,
I amtesting with a new device which was never before used in that WLAN.
It can enter the given WLAN "MAC" as soon as I type in the WPA2 passphrase gets an IP and everything is working - but it should not be allowed to.
show user-table gives me for this device:
Profile=MAC_aaa_prof
_________________________________
show aaa profile MAC_aaa_prof:
AAA Profile "MAC_aaa_prof"
--------------------------
Parameter Value
--------- -----
Initial role default-via-role
MAC Authentication Profile MAC
MAC Authentication Default Role guest
MAC Authentication Server Group internal
802.1X Authentication Profile MAC_dot1_aut
802.1X Authentication Default Role guest
802.1X Authentication Server Group N/A
Download Role from CPPM Disabled
Set username from dhcp option 12 Disabled
L2 Authentication Fail Through Disabled
Multiple Server Accounting Disabled
User idle timeout N/A
Max IPv4 for wireless user 2
RADIUS Accounting Server Group N/A
RADIUS Roaming Accounting Disabled
RADIUS Interim Accounting Disabled
RADIUS Acct-Session-Id In Access-Request Disabled
XML API server N/A
RFC 3576 server N/A
User derivation rules N/A
Wired to Wireless Roaming Enabled
Reauthenticate wired user on VLAN change Disabled
Device Type Classification Enabled
Enforce DHCP Disabled
PAN Firewall Integration Disabled
Open SSID radius accounting Disabled
Apply ageout mechanism on bridge mode wireless clients Disabled
___________________________________
show profile-list aaa authentication mac:
MAC Authentication Profile List
-------------------------------
Name References Profile Status
---- ---------- --------------
default 0
MAC 1
What is missing...?