MAC authentication can be used alone or it can be combined with other forms of authentication such as WEP authentication. However, it is recommended that you do not use the MAC-based authentication.
This section describes the following procedures:
| Configuring MAC Authentication for Wireless Network Profiles |
| Configuring MAC Authentication for Wired Profiles |
You can configure MAC authentication for a wired profile in the Instant UI or CLI.
To enable MAC Authentication for a wireless network:
1. | In the Network tab, click to create a new network profile or select an existing profile for which you want to enable MAC authentication and click edit. |
2. | In the | or window, ensure that all required WLAN and VLAN attributes are defined, and then click .
3. | In the Security tab, select Enabled from the MAC authentication drop-down list, for Personal or Open security level. |
4. | Specify the type of authentication server to use. |
5. | If the internal authentication server is used, perform the following steps to allow MAC address based authentication: |
a. | Click the | link against the field. The window is displayed.
b. | Specify the client MAC address as the user name and password. |
c. | Specify the type of the user (employee or guest). |
d. | Click Add. |
e. | Repeat the steps to add more users. |
f. | Click | .
6. | To allow the IAP to use a delimiter in the MAC authentication request, specify a character ( for example, colon or dash) as a delimiter for the MAC address string. For example, if you specify the colon as a delimiter, MAC addresses in the xx:xx:xx:xx:xx:xx format are used. If the delimiter is not specified, the MAC address in the xxxxxxxxxxxx format is used. |
7. | To allow the IAP to use uppercase letters in the MAC address string, set to . |
8. | Configure other parameters as required. |
9. | Click Next to define access rules, and then click Finish to apply the changes. |
To configure MAC-address based authentication with external server:
(Instant AP)(config)# wlan ssid-profile <name>
(Instant AP)(SSID Profile <name>)# type {<Employee> | <Voice>| <Guest>}
(Instant AP)(SSID Profile <name>)# mac-authentication
(Instant AP)(SSID Profile <name>)# mac-authentication-delimiter <delim>
(Instant AP)(SSID Profile <name>)# mac-authentication-upper-case
(Instant AP)(SSID Profile <name>)# external-server
(Instant AP)(SSID Profile <name>)# auth-server <server-name1>
(Instant AP)(SSID Profile <name>)# auth-server <server-name2>
(Instant AP)(SSID Profile <name>)# server-load-balancing
(Instant AP)(SSID Profile <name>)# radius-reauth-interval <minutes>
(Instant AP)(SSID Profile <name>)# end
(Instant AP)# commit apply
To add users for MAC authentication based on internal authentication server:
(Instant AP)(config)# user <username> [<password>] [portal| radius]
(Instant AP)(config)# end
(Instant AP)# commit apply
You can configure MAC authentication for a wired profile in the Instant UI or CLI.
To enable MAC authentication for a wired profile:
1. | Click the Wired link under at the top right corner of the main window. The window is displayed. |
2. | Click New under to create a new network or select an existing profile for which you want to enable MAC authentication and then click Edit. |
3. | In the | or the window, ensure that all the required Wired and VLAN attributes are defined, and then click .
4. | In the Enabled from the MAC authentication drop-down list. | tab, select
5. | Specify the type of authentication server to use. |
6. | If the internal authentication server is used, perform the following steps to allow MAC address based authentication: |
a. | Click the | link against the field. The window is displayed.
b. | Specify the client MAC address as the user name and password. |
c. | Specify the type of the user (employee or guest). |
d. | Click Add. |
e. | Repeat the steps to add more users. |
f. | Click | .
7. | Configure other parameters as required. |
8. | Click Next to define access rules, and then click Finish to apply the changes. |
To configure MAC-address based authentication with external server:
(Instant AP)(config)# wired-port-profile <name>
(Instant AP)(wired ap profile <name>)# type {<employee> |<guest>}
(Instant AP)(wired ap profile <name>)# mac-authentication
(Instant AP)(wired ap profile <name>)# auth-server <server-1>
(Instant AP)(wired ap profile <name>)# auth-server <server-2>
(Instant AP)(wired ap profile <name>)# server-load-balancing
(Instant AP)(wired ap profile <name>)# radius-reauth-interval <Minutes>
(Instant AP)(wired ap profile <name>)# end
(Instant AP)# commit apply
To add users for MAC authentication based on internal authentication server:
(Instant AP)(config)# user <username> [<password>] [portal| radius]
(Instant AP)(config)# end
(Instant AP)# commit apply