Wired Intelligent Edge (Campus Switching and Routing)

Reply
Highlighted
Occasional Contributor II

AP Wired Port

Hi All! I recently updated our wireless network to 8.3.0.6 and am having some trouble with the configuration. 

 

On the old 6.4 system, we had an AP group (Campus Offices) that locked down the hospitality ports to mac authentication using the internal controller database. One of my tier 2 techs informed me that they replaced a machine attached to a controller and it allowed the traffic even though I didn't add the new mac address into the controller. Is there something I am missing? I have attached some screenshots to show the current configs. The only difference I am seeing is the configs on Ethernet interface 0 port configuration and interface 1. 

MVP Guru

Re: AP Wired Port

Under the Wired AP config is it set to untrusted?



Thank you

Victor Fabian

Pardon typos sent from Mobile
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II

Re: AP Wired Port

Yes it is. 

Frequent Contributor II

Re: AP Wired Port

Have you enabled MAC Authentication on your AAA Profile and specified the MAC Authentication Server Group? Go to your node where you will be making the change. Then go to Configuration -> Authentication -> AAA Profiles -> AAA -> then select your AAA Profile.

 

Once your AAA profile is selected, you will see a list of Authentication settings 802.1X Authentication, 802.1X authentication Server Group, MAC Authentication, MAC Authenticaiton Server Group, ...

 

Click on the MAC Authentication and create and configure the profile. The key thing here is to remember that the MC is sending the MAC to the Authentication server and doing a database lookup of the MAC as if it were a user, so the delimiter and case needs to be properly specified.

 

After the MAC Authentication profile is created, go to the MAC Authentication Server Group and select the server group that you will be authenticating against. If you have not created one, you will need to create/define a server first, and then create/define the server group.

 

I hope this helps,

 

David
Sr. Trainer and Author of "Understanding ArubaOS: Version 8.x" book
Occasional Contributor II

Re: AP Wired Port

I got it working. I turned off the trusted checkbox and it worked. 

 

 

Does anyone know how long it takes for a new entry into the internaldb to propagate down to the APs themselves? 

Frequent Contributor II

Re: AP Wired Port

If you want a Role Derivation Flowchart showing how roles are assigned, go to www.westcott-consulting.com and click on the Downloads link. You will need to enter your email info, which will put you on my mailing list, which you can remove yourself from (In two years I've yet to use it, but I will soon with the 8.x book coming out). You will get an email (check your junk area) and you can click the link to download 15 PDF files that might be helpful, including the Role Derivation Flowchart. These files are from 6.x, but probably 99% of what's in them is the same with 8.x.

 

I don't believe the internaldb propogates to the APs, but I could be wrong.

 

I hope this helps,

 

David
Sr. Trainer and Author of "Understanding ArubaOS: Version 8.x" book
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: