Wireless Access

Hello~! 

I try this ....

A user whose ID / PW is registered in the authentication server connects to the SSID.
At this time, the user with the registered MAC address uses the Internet,
Users who do not have a mac address registered should go to the captive portal page.

So I set up AAA, MAC authentication, 802.1X, portal profile.
However, if the Mac authentication is denied, the captive portal page will not be displayed and the ssid connection will be disconnected.

aruba controller have not this option? 

When tested with the Cisco controller, it succeeded by checking 802.1x and mac filters on the L2 option and checking the On Mac filter failure on the L3 option.

Thank you for all the reply

In your AAA profile, enabling l2-auth-fail-through will allow 802.1x to continue if mac authentication fails.  http://www.arubanetworks.com/techdocs/ArubaOS_6.4.4.x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/aaa_profile.htm?Highlight=l2-auth-fail-through

Thank you for reply

i tested L2-auth-fail-through. 

using l2-auth-fail-through , user fail mac authentication . using internet by 802.1x 

but i want that if user fail mac authentication . viewing web redirection page.

also if user athenticated mac authenticaition . using internet.

Thank you for your interest.

If you have a mac authentication profile applied to the AAA profile and a user fails mac authentication with "l2-fail-through", the user will get the default 802.1x role in the AAA profile.  If the user passes mac authentication and 802.1x authentication, the user will get the default mac authentication role.

If you want a user to get the captive portal when they authenticate to 802.1x successfully and fail mac auth, make the default 802.1x role in the AAA profile "xxx-logon" or whatever your guest users in the captive portal get.