cancel
Showing results for 
Search instead for 
Did you mean: 

Idea: IdentiFi MAC Authentication without RADIUS

Idea: IdentiFi MAC Authentication without RADIUS

Karthik1
New Contributor II
MAC Authentication without RADIUS Server/Only with Controller
I was getting these request from couple of customers where in MAC Auth without RADIUS/only with controller. I have tested below config and found out working. I am posting here for more tweaks and suggestions.

Controller : V2110
OS : 9.15.03.005

1. Create Role for MAC Authentication with access control option as Default deny.

685c0d135af54f3db80002a2eb6c27ed_RackMultipart20150430-20752-3lsl01-1_inline.png



2. Add rules under the role by clicking ADD button.

685c0d135af54f3db80002a2eb6c27ed_RackMultipart20150430-1172-9sj9ur-2_inline.png



3. For both In and Out Filters, allow specified MAC Address

685c0d135af54f3db80002a2eb6c27ed_RackMultipart20150430-32436-urihw2-3_inline.png


4. Similarly Create individual entries for each allowed MAC Address.

685c0d135af54f3db80002a2eb6c27ed_RackMultipart20150430-21123-1961tnw-4_inline.png



5. Now Role has been created. Create WLAN for MAC auth

685c0d135af54f3db80002a2eb6c27ed_RackMultipart20150430-12208-tjgy9l-5_inline.png



6. Let the privacy be none and Authentication as disabled. Create new VNS to map WLAN services and Role.

685c0d135af54f3db80002a2eb6c27ed_RackMultipart20150430-11043-ij58y5-6_inline.png





What to do if you have hundreds of MAC address to be added?

Get all MAC address in and excel sheet and use concatenate functon to create the create command [Syntax given below]. Login to controller through putty and navigate to role and macauth and issue create commands copied from excel sheet. Sample given below

role
macauth
create 1 proto any eth any mac AB:CD:EF:12:34:56/48 0.0.0.0/0 in both out both allow priority none tos-dscp none cos none
applyOne Question I have in mind is "How many MAC address can be used to put in a single ruleset?"
2 REPLIES 2

Doug
Extreme Employee
Hello,

This should answer your question...

http://gtacknowledge.extremenetworks.com/articles/Q_A/IdentiFi-How-many-Rules-can-I-have-per-Role

Doug Hyde
Director, Technical Support / Extreme Networks

Karthik1
New Contributor II
Hi Doug,

Thanks for your reply.
Then this idea will not work out if customer have more than 64 MAC addresses. In that case RADIUS should come to scene.
GTM-P2G8KFN