Configuring MAC Authentication

MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication is used for authenticating devices based on their physical MAC addresses. For MAC authentication, the MAC address of a machine must match an approved list of manually defined addresses on the switch. MAC authentication can be used alone or it can be combined with 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication.

To configure MAC authentication for the switch ports, complete the following steps:

  1. In the Aruba Central app, select one of the following options:
    • To select a switch group in the filter:
      1. Set the filter to a group containing at least one switch.

        The dashboard context for the group is displayed.

      2. Under Manage, click Devices > Switches.
      3. Click the AOS-X Config or Config icon to view the switch configuration dashboard.
    • To select a switch in the filter:
      1. Set the filter to Global or a group containing at least one switch.
      2. Under Manage, click Devices > Switches.

        A list of switches is displayed in the List view.

      3. Click a switch under Device Name.

        The dashboard context for the switch is displayed.

      4. Under Manage, click Device.

        The tabs to configure the switch is displayed.

  2. Click Security > Authentication.
  3. In the Authentication tab, expand the MAC Authentication accordion. The Port Settings table displays the parameters configured for the port.
  4. Select one or more ports for which you want to enable MAC authentication and click the edit icon.
    The Edit Ports Selected window is displayed.
  5. Select Enable from the MAC Auth drop-down.
  6. Configure the following parameters.

    Table 1: Configuring MAC Authentication

    Name

    Description

    Value

    Client Limit

    The maximum number of clients to allow on the port.

    Default: 0

    UnAuthorized VLAN ID

    The VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. to use for an unauthorized client.

    Default: 0

    Authorized VLAN ID

    The VLAN to use for an authorized client.

    Default: 0

    Reauth Period

    The time (in seconds) that the switch enforces on a client to re-authenticate. The client remains authenticated while the re-authentication occurs. When set to 0, re-authentication is disabled.

    Default: 300 seconds

    Cached Reauth Period

    The time (in seconds) when cached re-authentication is allowed on the port.

    Default: 0

    Log off Period

    The time (in seconds) that the switch enforces for an implicit logoff.

    Default: 300 seconds

    Quiet Period

    The time (in seconds) during which the port does not try to acquire a supplicant. The period begins after the last attempt authorized by the max-requests parameter fails.

    Default: 60 seconds

  7. Click Save Settings.