This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

MAC Authentication in VNS with NAC

MAC Authentication in VNS with NAC

RP_MDP
New Contributor

‎01-18-2019 09:20 AM

Hi everybody !

I must create a new SSID for mobile device and I want to do MAC authentication + WPA PSK Key.

We got NAC Appliance so I create a rule with just for the moment a match on an end-system group which contain my mobile.
I create a new WLAN services associate to a new ssid with WPA-PSK key in "Privacy" and choose disabled in "Auth&Acct" with the "Enable MAC-Based Authentication" where I specify my two NAC Appliance as Radius Servers.

When I'm trying to connect in the ssid with my mobile, I insert my key but the mobile is not connecting to the network and doen't take DHCP IP. I checked in NAC Manager with a configuration evaluation tool and I see that the mobile match the correct rule. When I do just WPA-PSK without MAC authentication, it's work fine.

Can someone help me ?

Regards,
RP
0 Kudos
5 REPLIES 5

RP_MDP
New Contributor

‎01-22-2019 09:06 AM

Hi,

Correct, he should not take this policy.

In my end-system view for this client, I have the "Poubelle" Profile and the reason "Default Catchall".

My rule with just an end-system group :

4dc3ef0567ef439495abb55ebcdc6282_0d9f3e0b-a90a-434c-95af-3f98e4b4c865.png


My profile :

4dc3ef0567ef439495abb55ebcdc6282_49e137eb-e4ff-4844-8f87-92a446ba8649.png


My policy :

4dc3ef0567ef439495abb55ebcdc6282_bfe02813-6b61-4984-977b-af3773f74b7e.png



I test with and without policy in my profile, i got the same result.

The result of my configuration eval tool :

4dc3ef0567ef439495abb55ebcdc6282_118991fd-239c-41a1-9903-907aa7c2071b.png


Thanks,

RP
0 Kudos

Ronald_Dvorak
Honored Contributor

‎01-21-2019 03:37 PM



I'd assume that is not the role that the client should get - correct ?!

In the end-system view of this client > what to you get in the column "profile" and "reason"

Please post a screenshot of...
  • the rule that you've created
  • "Profile" and "Accept Policy" = the pop up window if you click on it (see red arrows bellow)
e.g.

946f3cc950a84e5cacd93c761991d6c3_7dffd409-9673-4422-9e7c-358c88cd346d.png

0 Kudos

RP_MDP
New Contributor

‎01-21-2019 10:47 AM

Hi Tyler, Ronald,

@Tyler Marcotte : I see my mobile in NAC's end-systems and when I do a Configuration evaluation tool, I see that my device match my rule.

@Ronald Dvorak : I did what you ask, please check my screen :

eb0b98e4429b4de5b985d8766b7d9aed_c43d4727-57fc-42c7-9d0b-0f18e690a233.png


"Poubelle" is the name of my default catchall policy.

Thanks,

RP
0 Kudos

Ronald_Dvorak
Honored Contributor

‎01-20-2019 10:30 PM

Hi,

please do the following....

  • enable the station events > Controller > Logs > System Log Level > Report station events on controller
  • connect again with the client
  • check the logs > Logs > EWC > Station Events
  • filter on the client MAC
  • post a screenshot of the result
-Ron
0 Kudos
Top
GTM-P2G8KFN