Table of Contents
Advertisement
MAC Authentication
MAC authentication is used for authenticating devices based on their physical MAC addresses. MAC
authentication requires that the MAC address of a machine matches a manually defined list of addresses. This
authentication method is not recommended for scalable networks and the networks that require stringent
security settings. For more information on configuring an IAP to use MAC authentication, see
Authentication for a Network Profile on page
MAC Authentication with 802.1X Authentication
This authentication method has the following features:
MAC authentication precedes 802.1X authentication—The administrators can enable MAC authentication
l
for 802.1X authentication. MAC authentication shares all the authentication server configurations with
802.1X authentication. If a wireless or wired client connects to the network, MAC authentication is
performed first. If MAC authentication fails, 802.1X authentication does not trigger. If MAC authentication
is successful, 802.1X authentication is attempted. If 802.1X authentication is successful, the client is
assigned an 802.1X authentication role. If 802.1X authentication fails, the client is assigned a deny-all role
or mac-auth-only role.
MAC authentication only role—Allows you to create a mac-auth-only role to allow role-based access rules
l
when MAC authentication is enabled for 802.1X authentication. The mac-auth-only role is assigned to a
client when the MAC authentication is successful and 802.1X authentication fails. If 802.1X authentication
is successful, the mac-auth-only role is overwritten by the final role. The mac-auth-only role is primarily
used for wired clients.
L2 authentication fall-through—Allows you to enable the l2-authentication-fallthrough mode. When
l
this option is enabled, the 802.1X authentication is allowed even if the MAC authentication fails. If this
option is disabled, 802.1X authentication is not allowed. The l2-authentication-fallthrough mode is
disabled by default.
For more information on configuring an IAP to use MAC as well as 802.1X authentication, see
MAC Authentication with 802.1X Authentication on page
Captive Portal Authentication
Captive portal authentication is used for authenticating guest users. For more information on captive portal
authentication, see
MAC Authentication with Captive Portal Authentication
You can enforce MAC authentication for captive portal clients. For more information on configuring an IAP to
use MAC authentication with captive portal authentication, see
Portal Authentication on page
802.1X Authentication with Captive Portal Role
This authentication mechanism allows you to configure different captive portal settings for clients on the same
SSID. For example, you can configure an 802.1X SSID and create a role for captive portal access, so that some
of the clients using the SSID derive the captive portal role. You can configure rules to indicate access to external
or internal captive portal, or none. For more information on configuring captive portal roles for an SSID with
802.1X authentication, see
WISPr Authentication
Wireless Internet Service Provider roaming (WISPr) authentication allows the smart clients to authenticate on
the network when they roam between wireless Internet service providers, even if the wireless hotspot uses an
Internet Service Provider (ISP) with whom the client may not have an account.
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Captive Portal for Guest Access on page
174.
Configuring Captive Portal Roles for an SSID on page
170.
172.
117.
Configuring MAC Authentication with Captive
Configuring MAC
138.
Authentication and User Management |
Configuring
149
Hide quick links:
Advertisement
Table of Contents
