Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

What is the difference between L2-Authentication and L3-Auth

  • 1.  What is the difference between L2-Authentication and L3-Auth

    Posted Jun 03, 2019 07:00 PM

    What are the steps the client should follow to connect to an SSID that is related to an authentication server "LDAP/RADIUS"?

     

    Example:

    Write the user and password in the SSID,

    then get an IP address from DHCP, or does the controller first authenticate it against RADIUS?



  • 2.  RE: What is the difference between L2-Authentication and L3-Auth

    Posted Jun 03, 2019 10:21 PM

    With L3 authentication the client receives an IP address before going through authentication. The client gets an IP, is assigned limited access, and then authenticates, typically via captive portal. VPN is also an L3 authentication.

     

    With L2 authentication the client device does an 802.11 authentication and association. At this point the client can communicate through the controller, but only to do 802.1X/EAP authentication. After the client authentication is successful, the client is assigned a post-logon role, allowing the client to obtain an IP address and access the network with whatever permissions are assigned to the client.

     

    I hope this helps,

     



  • 3.  RE: What is the difference between L2-Authentication and L3-Auth

    Posted Jun 15, 2019 12:00 AM

    Thanks for your reply.

     

    "At this point the client can communicate through the controller, but only to do 802.1X/EAP authentication" >> Before the user gets an IP, how does it communicate with the controller in a different subnet and authenticate?

     

    Does PSK need L2 or L3?

     

     



  • 4.  RE: What is the difference between L2-Authentication and L3-Auth

    Posted Jun 15, 2019 12:08 AM

    I just described the communication process in a response to another question:

     

    https://community.arubanetworks.com/t5/Wireless-Access/Aruba-Wireless-packet-flow-from-user-to-server/m-p/541669#M92198

     

    The process is the same except your client is an 802.1X/EAP Supplicant and is sending EAP frames to the AP. The AP is packaging them up the same way as I describe in the other response. When the frames get to the controller, the controller is the 802.1X/EAP authenticator. It will take the frames and process them, ultimately forwarding them to the 802.1X/EAP Authentication Server, such as a ClearPass server.

     



  • 5.  RE: What is the difference between L2-Authentication and L3-Auth

    Posted Jun 15, 2019 12:13 AM

    PSK is technically an L2 authentication, even though there is not actually any "authentication" occurring in the sense of authenticating an identity. In this type of scenario, I sometimes will refer to it as an L2 access, although it is still technically an L2 authentication. If the PSK is valid, then you can transmit frames that the AP can understand, and you will then have access, and can then obtain an IP address. If the PSK is not valid, then the AP will not understand your frames, and you will not be able to get an IP address.

     

    Even an Open SSID technically uses L2 authentication. If you know the SSID, and connect to it, you can then get an IP address. If you don't know the SSID, or don't try to connect to it, you cannot obtain an IP address.

     

    I hope this helps,