
Occasional Contributor I

MAC authentication with an 802.11x profile

Hi there,


Our controller uses WPA2 authentication to authenticate client machines. I am now implementing a MAC address filter on top of the WPA2 authentication, but something doesn't seem right.


Some of our users will get connected, their role will change, but they will not get an IP address (DHCP is passed off to a Windows server).


In the AAA profile I have my initial role set to denyall, and then I set the mac auth AND 802.1x roles to logon.


Which occurs first, the MAC auth or the WPA2 auth? Should one of them be set to denyall? This problem is only occurring with a small subset of machines; all others were able to authenticate and get online.


If it matters, we run OS X machines. The ones that don't get online assign themselves a 169.x.x.x IP address and put an exclamation through the wifi icon.

Guru Elite

Re: MAC authentication with an 802.11x profile

Do NOT set the initial role to deny all. By default, if you have a mac authentication profile and the user does not pass, they should not be able to get on. If they pass, the resulting role should be the mac authentication default role in the AAA profile.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*