Wireless Access

I'm trying to enforce L2 security using MAC Address in conjunction with WPA2-AES, but not working

I first tried to use this procedure to test only L2 MAC address authentication, but it is not working:

http://community.arubanetworks.com/t5/Community-Tribal-Knowledge-Base/For-the-Beginner-MAC-Authentication-using-the-Controller/ta-p/32188

I notice that the controller version shown in the link is different from mine:

mine: 6.4.2.4

My WLC is a 7030.

Guru Elite

Re: I'm trying to enforce L2 security using MAC Address in conjunction with WPA2-AES, but not workin

Are you using PSK or 802.1X authentication? 


Thanks, 
Tim

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

Re: I'm trying to enforce L2 security using MAC Address in conjunction with WPA2-AES, but not workin

Hi, I'm going to use PSK WPA2-AES.

Guru Elite

Re: I'm trying to enforce L2 security using MAC Address in conjunction with WPA2-AES, but not workin

Can you post a screenshot of your AAA profile? 


Thanks, 
Tim

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |


Re: I'm trying to enforce L2 security using MAC Address in conjunction with WPA2-AES, but not workin

I deleted all the MAC configuration, but it was the same as in the link I sent.

I created a MAC Auth profile in Security > Authentication > L2 Authentication with colon and lower, then the server group,... and so on just as the link said. Tried twice!

Guru Elite

Re: I'm trying to enforce L2 security using MAC Address in conjunction with WPA2-AES, but not workin

If the user fails MAC auth, they will be dumped into the initial role. Is that the role the device got? 


Thanks, 
Tim

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |


Re: I'm trying to enforce L2 security using MAC Address in conjunction with WPA2-AES, but not workin

The user in bold is the only user added to the internal database:

 


local-userdb add username 84:3a:4b:29:19:52 password 84:3a:4b:29:19:52

 

(WLC_WIFI) #show user-table

Users
-----
    IP              MAC            Name              Role           Age(d:h:m)  Auth  VPN link  AP name  Roaming   Essid/Bssid/Phy               Profile         Forward mode  Type   Host Name
----------     ------------       ------             ----           ----------  ----  --------  -------  -------   ---------------               -------         ------------  ----   ---------
192.168.1.105  84:3a:4b:29:19:52  84:3a:4b:29:19:52  guest          00:00:59    MAC             Stock-2  Wireless  TEMPO/94:b4:0f:91:7a:f3/a-HT  TEMPO-aaa_prof  tunnel        Win 7  
192.168.0.24   6c:88:14:45:fb:cc                     authenticated  00:00:59                    Stock-2  Wireless  TEMPO/94:b4:0f:91:7a:f3/a-HT  TEMPO-aaa_prof  tunnel        Win 7  

User Entries: 2/2
 Curr/Cum Alloc:8/937 Free:5/929 Dyn:13 AllocErr:0 FreeErr:0

 

 

Guru Elite

Re: I'm trying to enforce L2 security using MAC Address in conjunction with WPA2-AES, but not workin

What is your initial-role set to?

 

What is the role you assigned to that MAC in the internal database?


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |


Re: I'm trying to enforce L2 security using MAC Address in conjunction with WPA2-AES, but not workin

Hi, I think your question was the key to solving the problem I had. I set the initial role to deny all. Then, when I used any machine defined in the internal database, everything worked fine. Can I define users by groups, so that some MACs are used for one SSID and other MACs for a different SSID? How can I do this? By creating a new role?

Guru Elite

Re: I'm trying to enforce L2 security using MAC Address in conjunction with WPA2-AES, but not workin

No, you would need an external policy engine like ClearPass to get that granular.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |
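
An added example (not part of the thread, and not Aruba code): a Python check over `show user-table` output that lists clients on an AAA profile whose Auth column is empty. It assumes an empty Auth column means MAC authentication did not succeed and the role shown is the profile's initial role, as the replies above describe; the function names and the trimmed, constructed sample are illustrative.

```python
import re

# Constructed sample modeled on the `show user-table` output posted in this
# thread, trimmed to the columns the check needs.
SAMPLE = """\
Users
-----
    IP              MAC            Name              Role           Age(d:h:m)  Auth  AP name  Profile
----------     ------------       ------             ----           ----------  ----  -------  -------
192.168.1.105  84:3a:4b:29:19:52  84:3a:4b:29:19:52  guest          00:00:59    MAC   Stock-2  TEMPO-aaa_prof
192.168.0.24   6c:88:14:45:fb:cc                     authenticated  00:00:59          Stock-2  TEMPO-aaa_prof

User Entries: 2/2
"""


def parse_user_table(text):
    """Return one dict per client row, keyed by the table's column names."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        starts = [m.start() for m in re.finditer(r"-+", line)]
        # The column ruler is the dashes-only line with several groups.
        if i > 0 and len(starts) > 1 and not line.replace("-", "").strip():
            names = re.split(r"\s{2,}", lines[i - 1].strip())
            break
    else:
        return []
    ends = starts[1:] + [None]
    rows = []
    for line in lines[i + 1:]:
        if not line.strip():
            break  # a blank line ends the table
        cells = [line[s:e].strip() for s, e in zip(starts, ends)]
        rows.append(dict(zip(names, cells)))
    return rows


def unauthenticated_sessions(rows, profile):
    """Sessions on `profile` whose Auth column is empty (assumption: no MAC
    auth succeeded, so the role shown is the AAA profile's initial role)."""
    return [r for r in rows if r["Profile"] == profile and not r["Auth"]]


if __name__ == "__main__":
    for r in unauthenticated_sessions(parse_user_table(SAMPLE), "TEMPO-aaa_prof"):
        print(f"{r['MAC']} has no MAC auth but holds role '{r['Role']}'")
```

Cells are sliced at the ruler's column starts rather than split on whitespace, so an empty Name or Auth cell does not shift the later columns.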
