Wireless Access

Reply
Frequent Contributor II

802.1x to mac authentication fallback

Hi,

 

We have 7210 controller with latest AOS.

How can we achieve 802.1x to mac address authentication fallback(without radius) for single SSID on controller.

Some more detail : suppose user is not able to login using 802.1x(credential) and his mac address present in controller local database then that user should get access. or vice versa.

 

Thank you..

 

 

Guru Elite

Re: 802.1x to mac authentication fallback

This is not possible. 802.1X cannot be combined with other authentication
methods. MAC address can be used during authorization with 802.1X.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Guru Elite

Re: 802.1x to mac authentication fallback

Successful 802.1x authentication is required to allow any user onto a 802.1x ssid as per the standard. Failure means no connection is allowed.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Super Contributor II

Re: 802.1x to mac authentication fallback

Hmm.. I might be misunderstanding the question but I´m pretty sure I´ve done what you´re asking for with l2-auth-fail-through. This won´t work if the client "fails" 802.1X though, might be the same if the radius request times out. You want to protect yourself from RADIUS server failure with this or what´s the purpose?

 

From the user guide:

l2-auth.JPG

 

Will that work for you?

 

Cheers,

Christoffer Jacobsson | Aranya AB
Aruba Partner Ambassador
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP CWAP
Guru Elite

Re: 802.1x to mac authentication fallback

"Some more detail : suppose user is not able to login using 802.1x(credential) and his mac address present in controller local database then that user should get access. or vice versa."

 

If the user is not able to login using 802.1x, the user will not get on the network, regardless of the configuration..


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: