Wireless Access

Reply
Frequent Contributor II

802.1x to mac authentication fallback

Hi,

 

We have 7210 controller with latest AOS.

How can we achieve 802.1x to mac address authentication fallback(without radius) for single SSID on controller.

Some more detail : suppose user is not able to login using 802.1x(credential) and his mac address present in controller local database then that user should get access. or vice versa.

 

Thank you..

 

 


Accepted Solutions
Highlighted
Moderator

Re: 802.1x to mac authentication fallback

This is not possible. 802.1X cannot be combined with other authentication
methods. MAC address can be used during authorization with 802.1X.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post


All Replies
Highlighted
Moderator

Re: 802.1x to mac authentication fallback

This is not possible. 802.1X cannot be combined with other authentication
methods. MAC address can be used during authorization with 802.1X.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Highlighted
Guru Elite

Re: 802.1x to mac authentication fallback

Successful 802.1x authentication is required to allow any user onto a 802.1x ssid as per the standard. Failure means no connection is allowed.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba VIA ASE Solution - Configure VIA VPN
Highlighted
Super Contributor II

Re: 802.1x to mac authentication fallback

Hmm.. I might be misunderstanding the question but I´m pretty sure I´ve done what you´re asking for with l2-auth-fail-through. This won´t work if the client "fails" 802.1X though, might be the same if the radius request times out. You want to protect yourself from RADIUS server failure with this or what´s the purpose?

 

From the user guide:

l2-auth.JPG

 

Will that work for you?

 

Cheers,

Christoffer Jacobsson | Aranya AB
Aruba Partner Ambassador
Aruba: ACMX #537 ACCP ACDP | CWNP: CWNE #306
Highlighted
Guru Elite

Re: 802.1x to mac authentication fallback

"Some more detail : suppose user is not able to login using 802.1x(credential) and his mac address present in controller local database then that user should get access. or vice versa."

 

If the user is not able to login using 802.1x, the user will not get on the network, regardless of the configuration..


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba VIA ASE Solution - Configure VIA VPN
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: