Configuring MAC-Based Authentication
Before configuring MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. -based authentication, you must configure the following options:
- User role—The user role that will be assigned as the default role for the MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. -based authenticated clients. (See Roles and Policies for information on firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. policies to configure roles.)
- Configure the default user role for MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. -based authentication in the AAA Authentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. profile. If derivation rules exist or if the client configuration in the internal database has a role assigned, these values take precedence over the default user role.
- Authentication server group—The authentication server group that the managed device uses to validate the clients. The internal database can be used to configure the clients for MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. -based authentication. See Configuring Clients for information on configuring the clients on the local database. For information on configuring authentication servers and server groups, see Authentication Servers.
The following section describes how to configure the MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication profile:
Configuring the MAC Authentication Profile
The following procedure describes how to configure MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. -based authentication:
- In the managed device. node hierarchy, select a
- Navigate to the tab.
- Click .
- In the window, click to create a new profile.
- Enter a .
- Configure the parameters, as described in Table 1.
- Click .
- Click .
- In the window, select the check box and click .
The following table describes the parameters that you can configure for MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. -based authentication.
Parameter |
Description |
Profile name |
Name of the MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication profile. |
Delimiter |
Delimiter used in the MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. string:
Default: none |
Case |
The case (upper or lower) used in the MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. string. Default: lower |
Max Authentication failures |
Number of times a station can fail to authenticate before it is blacklisted. A value of zero disables blacklisting. Default: zero (0) |
Reauthentication |
Select the check box if you want to enable Reauthentication; Default: disable. |
Reauthentication Interval |
Time duration between reauthentication attempts. Configure a value in the range of 60–86,400. Reauthentication timer is configured in terms of seconds. |
Use Server provided Reauthentication Interval |
Select the check box to use the interval provided by the server; Default: disable. |
The following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands configure a MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication profile from the Mobility Master node:
(host)[mynode](config) #aaa authentication mac <profile>
(host) [mynode] (MAC Authentication Profile "profile") #case {lower|upper}
(host) [mynode] (MAC Authentication Profile "profile") #clone {default|<source>}
(host) [mynode] (MAC Authentication Profile "profile") #delimiter {colon|dash|none|oui-nic}
(host) [mynode] (MAC Authentication Profile "profile") #max-authentication-failures <max-authentication-failures-number>
(host) [mynode] (MAC Authentication Profile "profile") #reauthentication
(host) [mynode] (MAC Authentication Profile "profile") #timer reauth-period <reauth period>