Wireless Access

Contributor II

MAC filtering based on Active Directory list

Hi community


We are implementing an Aruba deployment to one of our clients.


The client has Cisco WLAN controllers with SSIDs using WPA2 with MAC filtering. On those controllers they added the Active Directory as a RADIUS server to validate that the MAC address exists on a specific list of MAC.


So they are asking us to configure that on our Aruba Controllers. I have added the AD server as Radius server under Authentication tab and I have enabled MAC authentication on the WLAN wizard. I know that MAC filtering isn't secure and will not scale well but that is what our customer wants.


So I want to know if we can implement that.


Thank you in advance.

Guru Elite

Re: MAC filtering based on Active Directory list

So you are creating AD accounts for each MAC address?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II

Re: MAC filtering based on Active Directory list

Yes, an account for each MAC.

Guru Elite

Re: MAC filtering based on Active Directory list

The AAA profile on the Aruba Controller has a mac authentication profile.  You need to make sure that the case and delimeter  in that profile match what is in AD.  Also, the controller expects the username and password to be the mac address when pointed to that radius server.  Lastly, the radius server will need to have PAP enabled to successfully authenticate mac addresses.


I would so anything to steer the customer to something like 802.1x instead of going through this exercise.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
Showing results for 
Search instead for 
Did you mean: