Message Image

Log in to ask questions, share your expertise, or stay connected to content. Don’t have a login? Join now.

Skip to main content (Press Enter).

Skip auxiliary navigation (Press Enter).

Skip main navigation (Press Enter).

Wireless Access

last person joined: yesterday

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Back to discussions

Expand all | Collapse all

MAC + 802.1x Authentication Policy on Controller

This thread has been viewed 2 times

1. MAC + 802.1x Authentication Policy on Controller

0 Kudos
TCK2534
Posted Sep 29, 2016 01:23 AM

Reply Reply Privately
If I have 1 SSID, at this SSID, Can I do this as below?
1) 802.1x + Permitted MAC Address = Return Role1
2) If failed from 1) (authenticate with 802.1x only) = Return Role2

Authentication Server = Microsoft radius (NPS)
2. RE: MAC + 802.1x Authentication Policy on Controller

0 Kudos
EMPLOYEE

cjoseph
Posted Sep 29, 2016 05:26 AM

Reply Reply Privately
Yes, you can.

http://www.arubanetworks.com/techdocs/ArubaOS_6.4.4.x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/MAC_Authentication/Configuring_MAC_Based_Au.htm#mac_authentication_3812164677_1037542

If you have a mac authentication profile configured in the AAA profile, mac authentication occurs first before 802.1x authentication. If you have l2-authentication-fail-through disabled in the AAA profile (default), the client will be rejected immediately if mac authentication fails. If you have l2-authentication-fail-through enabled, the client will continue onto 802.1x authentication even if mac authentication fails. http://www.arubanetworks.com/techdocs/ArubaOS_6.4.4.x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/aaa_profile.htm?Highlight=l2-auth-fail-through

Powered by Higher Logic