This section describes the following procedures:
| Configuring MAC and 802.1X Authentication for a Wireless Network Profile |
| Configuring MAC and 802.1X Authentication for Wired Profiles |
You can configure MAC authentication with 802.1X authentication for wireless network profile using the Instant UI or CLI.
To configure both MAC and 802.1X authentication for a wireless network:
1. | In the Network tab, click to create a new network profile or select an existing profile for which you want to enable MAC and 802.1X authentication and click edit. |
2. | In the | or window, ensure that all required WLAN and VLAN attributes are defined, and then click .
3. | In the Security tab, ensure that the required parameters for MAC authentication and 802.1X authentication are configured. |
4. | Select the Perform MAC authentication before 802.1X checkbox to use 802.1X authentication only when the MAC authentication is successful. |
5. | Select the checkbox MAC authentication fail-thru to use 802.1X authentication even when the MAC authentication fails. |
6. | Click Next and then click Finish to apply the changes. |
To configure both MAC and 802.1X authentication for a wireless network:
(Instant AP)(config)# wlan ssid-profile <name>
(Instant AP)(SSID Profile <name>)# type {<Employee> | <Voice>| <Guest>}
(Instant AP)(SSID Profile <name>)# mac-authentication
(Instant AP)(SSID Profile <name>)# l2-auth-failthrough
(Instant AP)(SSID Profile <name>)# auth-server <server-name1>
(Instant AP)(SSID Profile <name>)# radius-reauth-interval <minutes>
(Instant AP)(SSID Profile <name>)# auth-survivability
(Instant AP)(SSID Profile <name>)# exit
(Instant AP)(config)# auth-survivability cache-time-out <hours>
(Instant AP)(config)# end
(Instant AP)# commit apply
You can configure MAC and 802.1X authentication for a wired profile in the Instant UI or CLI.
To enable MAC and 802.1X authentication for a wired profile:
1. | Click the Wired link under at the top right corner of the main window. The window is displayed. |
2. | Click New under to create a new network or select an existing profile for which you want to enable MAC authentication and then click Edit. |
3. | In the | or the window, ensure that all the required Wired and VLAN attributes are defined, and then click .
4. | In the | tab, enable the following options:
| Select Enabled from the MAC authentication drop-down list. |
| Select Enabled from the 802.1X authentication drop-down list. |
| Select Enabled from the drop-down list. |
5. | Specify the type of authentication server to use and configure other required parameters. For more information on configuration parameters, see Configuring Security Settings for a Wired Profile |
6. | Click Next to define access rules, and then click Finish to apply the changes. |
To enable MAC and 802.1X authentication for a wired profile:
(Instant AP)(config)# wired-port-profile <name>
(Instant AP)(wired ap profile "<name>")# type {<employee> |<guest>}
(Instant AP)(wired ap profile "<name>")# mac-authentication
(Instant AP)(wired ap profile "<name>")# dot1x
(Instant AP)(wired ap profile "<name>")# l2-auth-failthrough
(Instant AP)(wired ap profile "<name>")# auth-server <name>
(Instant AP)(wired ap profile "<name>")# server-load-balancing
(Instant AP)(wired ap profile "<name>")# radius-reauth-interval <Minutes>
(Instant AP)(wired ap profile "<name>")# end
(Instant AP)# commit apply