Idea: IdentiFi MAC Authentication without RADIUS

Userlevel 1
MAC Authentication without RADIUS Server/Only with Controller
I was getting these request from couple of customers where in MAC Auth without RADIUS/only with controller. I have tested below config and found out working. I am posting here for more tweaks and suggestions.

Controller : V2110
OS :

1. Create Role for MAC Authentication with access control option as Default deny.

2. Add rules under the role by clicking ADD button.

3. For both In and Out Filters, allow specified MAC Address

4. Similarly Create individual entries for each allowed MAC Address.

5. Now Role has been created. Create WLAN for MAC auth

6. Let the privacy be none and Authentication as disabled. Create new VNS to map WLAN services and Role.

What to do if you have hundreds of MAC address to be added?

Get all MAC address in and excel sheet and use concatenate functon to create the create command [Syntax given below]. Login to controller through putty and navigate to role and macauth and issue create commands copied from excel sheet. Sample given below

create 1 proto any eth any mac AB:CD:EF:12:34:56/48 in both out both allow priority none tos-dscp none cos none
apply[/code]One Question I have in mind is "How many MAC address can be used to put in a single ruleset?"

2 replies

Userlevel 7

This should answer your question...
Userlevel 1
Hi Doug,

Thanks for your reply.
Then this idea will not work out if customer have more than 64 MAC addresses. In that case RADIUS should come to scene.