You are here: Authentication and User Management > Configuring MAC Authentication with 802.1X Authentication
Previous TopicNext Topic

Configuring MAC Authentication with 802.1X Authentication

This section describes the following procedures:

Configuring MAC and 802.1X Authentication for a Wireless Network Profile
Configuring MAC and 802.1X Authentication for Wired Profiles

Configuring MAC and 802.1X Authentication for a Wireless Network Profile

You can configure MAC authentication with 802.1X authentication for wireless network profile using the Instant UI or CLI.

In the Instant UI

To configure both MAC and 802.1X authentication for a wireless network:

1. In the Network tab, click New to create a new network profile or select an existing profile for which you want to enable MAC and 802.1X authentication and click edit.
2. In the Edit <profile-name> or New WLAN window, ensure that all required WLAN and VLAN attributes are defined, and then click Next.
3. In the Security tab, ensure that the required parameters for MAC authentication and 802.1X authentication are configured.
4. Select the Perform MAC authentication before 802.1X checkbox to use 802.1X authentication only when the MAC authentication is successful.
5. Select the checkbox MAC authentication fail-thru to use 802.1X authentication even when the MAC authentication fails.
6. Click Next and then click Finish to apply the changes.

In the CLI

To configure both MAC and 802.1X authentication for a wireless network:

(Instant AP)(config)# wlan ssid-profile <name>

(Instant AP)(SSID Profile <name>)# type {<Employee> | <Voice>| <Guest>}

(Instant AP)(SSID Profile <name>)# mac-authentication

(Instant AP)(SSID Profile <name>)# l2-auth-failthrough

(Instant AP)(SSID Profile <name>)# auth-server <server-name1>

(Instant AP)(SSID Profile <name>)# radius-reauth-interval <minutes>

(Instant AP)(SSID Profile <name>)# auth-survivability

(Instant AP)(SSID Profile <name>)# exit

(Instant AP)(config)# auth-survivability cache-time-out <hours>

(Instant AP)(config)# end

(Instant AP)# commit apply

Configuring MAC and 802.1X Authentication for Wired Profiles

You can configure MAC and 802.1X authentication for a wired profile in the Instant UI or CLI.

In the Instant UI

To enable MAC and 802.1X authentication for a wired profile:

1. Click the Wired link under More at the top right corner of the main window. The Wired window is displayed.
2. Click New under Wired Networks to create a new network or select an existing profile for which you want to enable MAC authentication and then click Edit.
3. In the New Wired Network or the Edit Wired Network window, ensure that all the required Wired and VLAN attributes are defined, and then click Next.
4. In the Security tab, enable the following options:
Select Enabled from the MAC authentication drop-down list.
Select Enabled from the 802.1X authentication drop-down list.
Select Enabled from the MAC authentication fail-thru drop-down list.
5. Specify the type of authentication server to use and configure other required parameters. For more information on configuration parameters, see Configuring Security Settings for a Wired Profile
6. Click Next to define access rules, and then click Finish to apply the changes.

In the CLI

To enable MAC and 802.1X authentication for a wired profile:

(Instant AP)(config)# wired-port-profile <name>

(Instant AP)(wired ap profile "<name>")# type {<employee> |<guest>}

(Instant AP)(wired ap profile "<name>")# mac-authentication

(Instant AP)(wired ap profile "<name>")# dot1x

(Instant AP)(wired ap profile "<name>")# l2-auth-failthrough

(Instant AP)(wired ap profile "<name>")# auth-server <name>

(Instant AP)(wired ap profile "<name>")# server-load-balancing

(Instant AP)(wired ap profile "<name>")# radius-reauth-interval <Minutes>

(Instant AP)(wired ap profile "<name>")# end

(Instant AP)# commit apply