Wireless Access

Reply
Occasional Contributor I

WIFI 802.1x + MAC at the same time

Hi All, 

 

We want to deploy an SSID with 802.1x autentication (EAP -TLS) and MAC (+ Captive Portal) at the same time.


We would use the MAC autentication for non 802.1x supplicant devices.


As far as we know, it is not possible, but please we need you confirm it.

Our final client wants connect to the same SSID devices that authenticates with certificates and other devices like "client brigde" that do not have 802.1x supplicant.
Also, the client wants that if the MAC authentication fail, the device will be redirect to a Captive Portal.

Could somebody confirm me if that is it possible?

 

Thanks, 

Super Contributor I

Re: WIFI 802.1x + MAC at the same time

802.1x authentication needs to have it’s own SSID. Mac auth can be enabled on an open or PSK network.

If MAC auth fails a captive portal can be displayed based on the role returned from clearpass or the initial role configured in the AAA profile. This is how the guest workflow works with clearpass.

Willem Bargeman ACMX#935 | ACCX #822

Please give me kudos if my post was useful!
If your issue is solved mark the post as solution!
Occasional Contributor I

Re: WIFI 802.1x + MAC at the same time

Thanks, 

 

I have read that when you configure MAC + 802.1x in the same SSID you perform BOTH authentications, is it correct?  

 

I would like to explain you my case. We have different devices:

  • PCs (have 802.1x supplicant but not configured).
  • Smartphone (with certificate installed – supplicant configured)
  • Client bridge, PIP, old printers, etc (without 802.1x supplicant, so impossible to make 802.1x authentication)

Our final client want in the same SSID this:

 

  • PCs --> Make MAC authentication and default role redirect to a captive portal.
  • Smartphone --> Make EAP-TLS authentication and there are authenticated.
  • Client Bridge, PIP, old printer --> Make MAC authentication and there are authenticated.

I think that when you enable WPA-AES for the 802.1x  in the SSID profile, you must do this type of encyptation mandatory to establish the association, it is right? 

 

Super Contributor I

Re: WIFI 802.1x + MAC at the same time

You can't connect none 802.1x clients to an 802.1x SSID.
In this case you need two SSID's


* SSID with WPA2 802.1x authentication
* SSID with WPA2-PSK and MAC auth (or open network)

Willem Bargeman ACMX#935 | ACCX #822

Please give me kudos if my post was useful!
If your issue is solved mark the post as solution!
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: