MAC Authentication with 802.1X Authentication

MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. Authentication with 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. Authentication method has the following features:

MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication precedes 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication—The administrators can enable MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication for 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication. MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication shares all the authentication server configurations with 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication. If a wireless or wired client connects to the network, MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication is performed first. If MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication fails, 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication does not trigger. If MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication is successful, 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication is attempted. If 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication is successful, the client is assigned an 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication role. If 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication fails, the client is assigned a deny-all role or mac-auth-only role.

MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication only role—Allows you to create a mac-auth-only role to allow role-based access rules when MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication is enabled for 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication. The mac-auth-only role is assigned to a client when the MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication is successful and 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication fails. If 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication is successful, the mac-auth-only role is overwritten by the final role. The mac-auth-only role is primarily used for wired clients.

L2 authentication fall-through—Allows you to enable the l2-authentication-fallthrough mode. When this option is enabled, the 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication is allowed even if the MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication fails. If this option is disabled, 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication is not allowed. The l2-authentication-fallthrough mode is disabled by default.

For more information on configuring anInstant AP to use MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. as well as 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication, see Configuring 802.1X Authentication for Wireless Network Profiles.

This section consists of the following procedures:

Configuring MAC and 802.1X Authentications for Wireless Network Profiles

Configuring MAC and 802.1X Authentications for Wireless Network Profiles

Configuring MAC and 802.1X Authentications for Wireless Network Profiles

Table 1: Configuring MAC and 802.1X Authentication for Wireless Network Profiles

New WebUI

Old WebUI

1. In the Configuration > Networks section, click + to create a new network profile or select an existing profile for which you want to enable MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. and 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentications and click Edit.

2. Ensure that all required WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. and VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. attributes are defined, and then click Next.

3. Under Security tab, select Enterprise from the Security Level drop-down list. Ensure that the required parameters for MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication and 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication are configured.

4. Select the Perform MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication before 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. check box to use 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication only when the MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication is successful.

5. Select the MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication fail-thru check box to use 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication even when the MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication fails.

6. Click Next and until Finish to apply the changes.

1. On the Networks tab, click New to create a new network profile or select an existing profile for which you want to enable MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. and 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentications and click edit.

2. In the Edit <profile-name> or the New WLAN window, ensure that all required WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. and VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. attributes are defined, and then click Next.

3. On the Security tab, move the slider to the Enterprise security level. Ensure that the required parameters for MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication and 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication are configured.

4. Select the Perform MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication before 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. check box to use 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication only when the MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication is successful.

5. Select the MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication fail-thru check box to use 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication even when the MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication fails.

6. Click Next and then click Finish to apply the changes.

The following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands configure MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network.  and 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. Authentications for a Wireless Network profile:

(Instant AP)(config)# wlan ssid-profile <name>

(Instant AP)(SSID Profile <name>)# type {<Employee>|<Voice>|<Guest>}

(Instant AP)(SSID Profile <name>)# mac-authentication

(Instant AP)(SSID Profile <name>)# l2-auth-failthrough

(Instant AP)(SSID Profile <name>)# auth-server <server-name1>

(Instant AP)(SSID Profile <name>)# radius-reauth-interval <minutes>

(Instant AP)(SSID Profile <name>)# auth-survivability

(Instant AP)(SSID Profile <name>)# exit

(Instant AP)(config)# auth-survivability cache-time-out <hours>

Configuring MAC and 802.1X Authentications for Wired Network Profiles

The following procedure describes how to configure MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. and 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentications for a wired profile in the WebUI.

Table 2: Configuring MAC and 802.1X Authentication for Wired Profiles

New WebUI

Old WebUI

1. In the Configuration > Networks section, click + to create a new network profile or select an existing profile for which you want to enable MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. and 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentications and click Edit.

2. Ensure that all required WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. and VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. attributes are defined, and then click Next.

3. Under Security tab, perform the following steps:

a. Toggle the MAC authentication switch to enable.

b. Toggle the 802.1X authentication switch to enable.

c. Toggle the MAC authentication fail-thru switch to enable.

4. In the Authentication server 1 drop-down list, specify the type of authentication server to use and configure other required parameters. For more information on configuration parameters, see Configuring Security Settings for a Wired Employee Network .

5. Click Next to define access rules, and then click Finish to apply the changes.

1. Click the Wired link under More in the main window. The Wired window is displayed.

2. Click New under Wired Networks to create a new network or select an existing profile for which you want to enable MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication and then click Edit.

3. In the New Wired Network or the Edit Wired Network window, ensure that all the required wired and VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. attributes are defined, and then click Next.

4. On the Security tab, perform the following steps:

a. Select Enabled from the MAC authentication drop-down list.

b. Select Enabled from the 802.1X authentication drop-down list.

c. Select Enabled from the MAC authentication fail-thru drop-down list.

5. In the Authentication server 1 drop-down list, specify the type of authentication server to use and configure other required parameters. For more information on configuration parameters, see Configuring Security Settings for a Wired Employee Network .

6. Click Next to define access rules, and then click Finish to apply the changes.

The following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands enable MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. and 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentications for a wired profile:

(Instant AP)(config)# wired-port-profile <name>

(Instant AP)(wired ap profile "<name>")# type {<employee>|<guest>}

(Instant AP)(wired ap profile "<name>")# mac-authentication

(Instant AP)(wired ap profile "<name>")# dot1x

(Instant AP)(wired ap profile "<name>")# l2-auth-failthrough

(Instant AP)(wired ap profile "<name>")# auth-server <name>

(Instant AP)(wired ap profile "<name>")# server-load-balancing

(Instant AP)(wired ap profile "<name>")# radius-reauth-interval <Minutes>