Idea: IdentiFi MAC Authentication without RADIUS

  • 1
  • Idea
  • Updated 3 years ago
  • Not Planned
  • (Edited)
MAC Authentication without RADIUS Server/Only with Controller
I was getting these request from couple of customers where in MAC Auth without RADIUS/only with controller. I have tested below config and found out working. I am posting here for more tweaks and suggestions.

Controller : V2110
OS : 9.15.03.005

 1. Create Role for MAC Authentication with access control option as Default deny.


2. Add rules under the role by clicking ADD button.


3. For both In and Out Filters, allow specified MAC Address


4. Similarly Create individual entries for each allowed MAC Address.


5. Now Role has been created. Create WLAN for MAC auth


6. Let the privacy be none and Authentication as disabled. Create new VNS to map WLAN services and Role.


 

What to do if you have hundreds of MAC address to be added?

Get all MAC address in and excel sheet and use concatenate functon to create the create command [Syntax given below]. Login to controller through putty and navigate to role and macauth and issue create commands copied from excel sheet. Sample given below

role
macauth
create 1 proto any eth any mac AB:CD:EF:12:34:56/48 0.0.0.0/0 in both out both allow priority none tos-dscp none cos none
apply
One Question I have in mind is "How many MAC address can be used to put in a single ruleset?"
Photo of Karthik

Karthik

  • 450 Points 250 badge 2x thumb

Posted 3 years ago

  • 1
Photo of Doug Hyde

Doug Hyde, Technical Support Manager

  • 20,192 Points 20k badge 2x thumb
Official Response