
MAC Authentication in VNS with NAC


RP_MDP
New Contributor
Hi everybody!

I must create a new SSID for mobile devices and I want to do MAC authentication + WPA-PSK key.

We have a NAC Appliance, so I created a rule with, for the moment, just a match on an end-system group which contains my mobile.
I created a new WLAN service associated with a new SSID, with a WPA-PSK key in "Privacy", and chose disabled in "Auth&Acct" with "Enable MAC-Based Authentication", where I specified my two NAC Appliances as RADIUS servers.

When I try to connect to the SSID with my mobile, I enter my key, but the mobile does not connect to the network and doesn't get a DHCP IP. I checked in NAC Manager with the configuration evaluation tool and I see that the mobile matches the correct rule. When I do just WPA-PSK without MAC authentication, it works fine.

Can someone help me?

Regards,
RP

RP_MDP
New Contributor
Hi,

Correct, he should not take this policy.

In my end-system view for this client, I have the "Poubelle" Profile and the reason "Default Catchall".

My rule with just an end-system group:

[screenshot]

My profile:

[screenshot]

My policy:

[screenshot]

I tested with and without a policy in my profile; I got the same result.

The result of my configuration eval tool:

[screenshot]


Thanks,

RP

Ronald_Dvorak
Honored Contributor


I'd assume that is not the role that the client should get - correct?!

In the end-system view of this client > what do you get in the columns "profile" and "reason"?

Please post a screenshot of...
  • the rule that you've created
  • "Profile" and "Accept Policy" = the pop-up window if you click on it (see red arrows below)
e.g.

[screenshot]

RP_MDP
New Contributor
Hi Tyler, Ronald,

@Tyler Marcotte: I see my mobile in NAC's end-systems, and when I run the configuration evaluation tool, I see that my device matches my rule.

@Ronald Dvorak: I did what you asked; please check my screen:

[screenshot]


"Poubelle" is the name of my default catchall policy.

Thanks,

RP

Ronald_Dvorak
Honored Contributor
Hi,

Please do the following...

  • enable the station events > Controller > Logs > System Log Level > Report station events on controller
  • connect again with the client
  • check the logs > Logs > EWC > Station Events
  • filter on the client MAC
  • post a screenshot of the result
-Ron