Wireless Access

Reply
MVP

Initial, mac and 802.1x roles

Hi,


Needing a little clarification.

 

We apply 802.1x role for our corporate network.  My question is the INITIAL role is just set to logon and MAC set to guest as this is the default setting.  Should I be changed this or editing anything in this ?


A couple of mac users have complained the odd time they get re-directed to the secure aruba networks captive portal - even though this is not enabled on our controller.  However after a little digging I noticed macbooks by default have ipv6 set to automatic.  Also as part of the logon role there is an IPv6 redirect proxy to the captive portal - if the user fails to authenticate on a mac I am assuming they fall back on to the initial role which is logon and then it goes down the line of the captive portal.  Does this make sense? Any way I can stop this ?

 

Thanks

Scott

Regular Contributor I

Re: Initial, mac and 802.1x roles

Have you tried creating a new user role and mapping it to the initial role?

 

ip access list session 802.1X_initial

any any any permit

 

user-role corporate_initial

access list session 802.1X_initial

 

Map this role to the initial role for 802.1x

 

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.


Ajay Kumar Ravipati
ACMA (V8) | ACMP (V8) | CCENT | CCNA (R&S) | PAN-OS 8.0 ACE
MVP

Re: Initial, mac and 802.1x roles

Could i just for the corporate network set the INITIAL and MAC roles to a role i create myself basically saying:

 

Any any deny


And the only role that permits clients to be the 802.1x role?

 

Thanks

Regular Contributor I

Re: Initial, mac and 802.1x roles

Are you seeing an option to set the default mac role to default from the drop down instead of guest?

 

If not just create an ACL for deny and map it only to mac default role.

 

However map any any any permit to 802.1x initial role.

 

 

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.



 

Ajay Kumar Ravipati
ACMA (V8) | ACMP (V8) | CCENT | CCNA (R&S) | PAN-OS 8.0 ACE
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: