Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

MAC Auth not happening for certain clients, stuck in Initial Role

  • 1.  MAC Auth not happening for certain clients, stuck in Initial Role

    Posted Nov 30, 2016 11:48 AM

    I have a Hidden SSID set up for only MAC Auth. It is set up so only a specific 30 clients can connect. The SSID is open, and these clients should connect and authenticate using Internal DB.

     

    Currently this setup is working great, but for some reason certain clients won't authenticate. They will connect to the SSID and get an initial role, and then nothing. I've tried deleting them and re-adding them from the internal DB. I've tried disconnecting and reconnecting them, and even deleting them from the controller. Every time they connect they end up stuck in the initial role. Meanwhile 24 or so of these clients authenticate without any issue.

     

    All the clients are connecting to 1 of 2 APs, same group, same controller, same AAA profile, same everything.

     

    Any ideas?



  • 2.  RE: MAC Auth not happening for certain clients, stuck in Initial Role

    EMPLOYEE
    Posted Nov 30, 2016 12:21 PM


  • 3.  RE: MAC Auth not happening for certain clients, stuck in Initial Role

    Posted Nov 30, 2016 12:44 PM

    Attached log of user specific debug.

     

    This line leads me to believe the authentication is simply failing

     

    Nov 30 12:32:26 :522190:  <DBUG> |authmgr|  MAC=74:72:f2:36:ec:48 IP=0.0.0.0: MAC auth fail: entry-type=L2, bssid=18:64:72:36:d1:f5.

     

    However, still not sure why.



  • 4.  RE: MAC Auth not happening for certain clients, stuck in Initial Role

    Posted Nov 30, 2016 12:48 PM

    Are all usernames and passwords in the internal DB set up in the same format (case and delimiter)? For example, lowercase with colons, etc.? Check your MAC Authentication profile for the format it is expecting and make sure the account in the internal DB is set up right.

     

    Also, what role do you have set up for the failing accounts in the internal DB? This may be overwriting the MAC Authentication default role.
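
The format check suggested in the post above, as an added example that is not part of the original thread and is not Aruba code: it compares internal DB username/password pairs against the case and delimiter a MAC authentication profile expects. The function names, the delimiter option names and all sample entries except the MAC quoted in this thread are assumptions constructed for illustration.

```python
import re

# Delimiter option names are assumed to mirror the profile's settings.
DELIMITERS = {"none": "", "colon": ":", "dash": "-"}


def canonical(mac):
    """Return the 12 lowercase hex digits of a MAC, or None if it is not one."""
    digits = re.sub(r"[:\-.\s]", "", mac).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def expected_form(mac, case="lower", delimiter="colon"):
    """Render a MAC the way the profile would send it as username/password."""
    digits = canonical(mac)
    if digits is None:
        raise ValueError(f"not a MAC address: {mac!r}")
    pairs = [digits[i:i + 2] for i in range(0, 12, 2)]
    out = DELIMITERS[delimiter].join(pairs)
    return out.upper() if case == "upper" else out


def audit(entries, case="lower", delimiter="colon"):
    """entries: (username, password) pairs exported from the internal DB.
    Returns (username, problem) tuples for every entry that cannot match."""
    findings = []
    for user, password in entries:
        if canonical(user) is None:
            findings.append((user, "username is not a MAC address"))
            continue
        want = expected_form(user, case, delimiter)
        # Exact string comparison: case, delimiter and stray whitespace all count.
        if user != want:
            findings.append((user, f"username should be {want!r}"))
        if password != want:
            findings.append((user, f"password should be {want!r}"))
    return findings


# Constructed sample data; only the first MAC appears in this thread.
SAMPLE = [
    ("74:72:f2:36:ec:48", "74:72:f2:36:ec:48"),    # matches lower/colon
    ("00:11:22:AA:BB:CC", "00:11:22:aa:bb:cc"),    # username in wrong case
    ("00-11-22-33-44-55", "00-11-22-33-44-55"),    # wrong delimiter on both
    ("00:11:22:33:44:66 ", "00:11:22:33:44:66"),   # trailing space in username
]

if __name__ == "__main__":
    for user, problem in audit(SAMPLE):
        print(f"{user!r}: {problem}")
```

An entry that passes this check, like the one quoted in this thread, rules out a format mismatch and points the investigation elsewhere.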



  • 5.  RE: MAC Auth not happening for certain clients, stuck in Initial Role

    Posted Nov 30, 2016 12:56 PM

    MAC profile is expecting lower case and colon.

     

    Username and Password set to 74:72:f2:36:ec:48

     

    User role in local database and default MAC Authenticated default role are set to the same role, so if either one is taking preference, it should be a success.

     

    Only Initial role is ever given to use.