Wireless Access

last person joined: 2 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Problem in MAC based Authentication.

This thread has been viewed 5 times

  • 1.  Problem in MAC based Authentication.

    Posted Sep 04, 2013 03:46 AM

    AAA Mac role.jpg

     

     

    i want to know, which role i have to select in the internal db, logon or authentication ?

     

    Internal DB role.jpg

     

     

    Now the Major Problem is, I have entered the username/password MAC in the internal db and also the enable the this user, sometimes this user is able and sometimes unable to browse and when i disable this user it still able to browse.

     

    I disabled this user, after 30 secs i have again enabled this user , now is there any  specific time period when user session is proper established  again and able to browse ? because after 30 secs i am unable to browse. 

     

     

    Untitled.jpg

     

     

    kindly help me in this regard

     

     



  • 2.  RE: Problem in MAC based Authentication.
    Best Answer

    Posted Sep 04, 2013 06:05 AM

    The best way to configure the initial role for mac authentication is "Denyall" role. Create the customized role and write the acl "any any any deny" so that if the user failed the mac authentication; will not be able to pass any traffic until the mac address being authenticated against the internal db of the controller.

     

    Normally, by default when the mac-auth failts you will go to logon role which contains the captive portal acl for the user to get the redirection CP page. Again logon role should contatin the captive portal mapped to it in order to avoid the "web authentication disabled" message. 

     

    It depends on what you want. Either you can force them to put the user on logon when the mac auth fail  or place the user on denyall role to block all traffic.

     

    Hope this helps. Thank you.



  • 3.  RE: Problem in MAC based Authentication.

    Posted Sep 05, 2013 04:02 AM
    Hi Sriram,

    Thanks for the valuable information. I have facing the same problem
    we have implemented MAC based authentication with initial role "logon" so that if mac authentication is failed the user is redirected to captive portal page.
    In our case when mac authentication failed the user get CP page properly and when it enter "Email address" ( we we have applied only guest login) the same page of web authentication is disable has shown although user gets authentication role and start using service but whenever a user user sees CP page it always see web authenticated page for a moment.

    Please also note that we have disable welcome page as well
    Please advice how to resolve this issyu.


  • 4.  RE: Problem in MAC based Authentication.

    Posted Sep 09, 2013 12:51 AM

    Thanxx sriram...

     

     

    find a solution by your support :)