You are here: Authentication and User Management > Configuring MAC Authentication for a Network Profile
Previous TopicNext Topic

Configuring MAC Authentication for a Network Profile

MAC authentication can be used alone or it can be combined with other forms of authentication such as WEP authentication. However, it is recommended that you do not use the MAC-based authentication.

This section describes the following procedures:

Configuring MAC Authentication for Wireless Network Profiles
Configuring MAC Authentication for Wired Profiles

Configuring MAC Authentication for Wireless Network Profiles

You can configure MAC authentication for a wired profile in the Instant UI or CLI.

In the Instant UI

To enable MAC Authentication for a wireless network:

1. In the Network tab, click New to create a new network profile or select an existing profile for which you want to enable MAC authentication and click edit.
2. In the Edit <profile-name> or New WLAN window, ensure that all required WLAN and VLAN attributes are defined, and then click Next.
3. In the Security tab, select Enabled from the MAC authentication drop-down list, for Personal or Open security level.
4. Specify the type of authentication server to use.
5. If the internal authentication server is used, perform the following steps to allow MAC address based authentication:
a. Click the Users link against the Internal server field. The Users window is displayed.
b. Specify the client MAC address as the user name and password.
c. Specify the type of the user (employee or guest).
d. Click Add.
e. Repeat the steps to add more users.
f. Click OK.
6. To allow the IAP to use a delimiter in the MAC authentication request, specify a character ( for example, colon or dash) as a delimiter for the MAC address string. For example, if you specify the colon as a delimiter, MAC addresses in the xx:xx:xx:xx:xx:xx format are used. If the delimiter is not specified, the MAC address in the xxxxxxxxxxxx format is used.
7. To allow the IAP to use uppercase letters in the MAC address string, set Uppercase support to Enabled.
8. Configure other parameters as required.
9. Click Next to define access rules, and then click Finish to apply the changes.

In the CLI

To configure MAC-address based authentication with external server:

(Instant AP)(config)# wlan ssid-profile <name>

(Instant AP)(SSID Profile <name>)# type {<Employee> | <Voice>| <Guest>}

(Instant AP)(SSID Profile <name>)# mac-authentication

(Instant AP)(SSID Profile <name>)# mac-authentication-delimiter <delim>

(Instant AP)(SSID Profile <name>)# mac-authentication-upper-case

(Instant AP)(SSID Profile <name>)# external-server

(Instant AP)(SSID Profile <name>)# auth-server <server-name1>

(Instant AP)(SSID Profile <name>)# auth-server <server-name2>

(Instant AP)(SSID Profile <name>)# server-load-balancing

(Instant AP)(SSID Profile <name>)# radius-reauth-interval <minutes>

(Instant AP)(SSID Profile <name>)# end

(Instant AP)# commit apply

 

To add users for MAC authentication based on internal authentication server:

(Instant AP)(config)# user <username> [<password>] [portal| radius]

(Instant AP)(config)# end

(Instant AP)# commit apply

Configuring MAC Authentication for Wired Profiles

You can configure MAC authentication for a wired profile in the Instant UI or CLI.

In the Instant UI

To enable MAC authentication for a wired profile:

1. Click the Wired link under More at the top right corner of the main window. The Wired window is displayed.
2. Click New under Wired Networks to create a new network or select an existing profile for which you want to enable MAC authentication and then click Edit.
3. In the New Wired Network or the Edit Wired Network window, ensure that all the required Wired and VLAN attributes are defined, and then click Next.
4. In the Security tab, select Enabled from the MAC authentication drop-down list.
5. Specify the type of authentication server to use.
6. If the internal authentication server is used, perform the following steps to allow MAC address based authentication:
a. Click the Users link against the Internal server field. The Users window is displayed.
b. Specify the client MAC address as the user name and password.
c. Specify the type of the user (employee or guest).
d. Click Add.
e. Repeat the steps to add more users.
f. Click OK.
7. Configure other parameters as required.
8. Click Next to define access rules, and then click Finish to apply the changes.

In the CLI

To configure MAC-address based authentication with external server:

(Instant AP)(config)# wired-port-profile <name>

(Instant AP)(wired ap profile <name>)# type {<employee> |<guest>}

(Instant AP)(wired ap profile <name>)# mac-authentication

(Instant AP)(wired ap profile <name>)# auth-server <server-1>

(Instant AP)(wired ap profile <name>)# auth-server <server-2>

(Instant AP)(wired ap profile <name>)# server-load-balancing

(Instant AP)(wired ap profile <name>)# radius-reauth-interval <Minutes>

(Instant AP)(wired ap profile <name>)# end

(Instant AP)# commit apply

To add users for MAC authentication based on internal authentication server:

(Instant AP)(config)# user <username> [<password>] [portal| radius]

(Instant AP)(config)# end

(Instant AP)# commit apply