How to Configure Local MAC address based Authentication in WM3600 Cluster?


I have a Cluster of 02 WM3600 Controllers with SW version 5.4.

Need to implement MAC address based Local ( On Controller) authentication.

Requirement is for two type of users:

1. Employees

2. Guest

For Employee:

WLAN User should not be asked any password. Only a set of MAC IDs should be allowed to use the SSID. Users with other MAC IDs should not be allowed (restricted) to access the SSID.

For Guest:

WLAN User has to login a KEY/Password and get access. But SSID other than used for Employees.

Any one can guide on this?

Regards,

Jitendra

11 replies

Hi Friends,

Can any one guide on this?

Regards,

Jitendra
Userlevel 4
Hi Jitendra,

Please refer the page number 12 from the link below to configure MAC authentication using controller internal radius server.

https://www.dropbox.com/s/h6nzmruy3f16gdr/SVC%20Tech%20Implementation%20Guide%20WM3000%20Series%20SW...

For Guest,
You will be creating new SSID and select security as "PSK/None' and set the passphrase details..

Regards,
Nathiya M
Thanks Nathiya,

I will try this and update you.

Regards,

Jitendra
Hi Nathiya,

We followed the doc: "Solution Implementation Guide: WM 3000 Series Controller (SW v5.1) Internal RADIUS" .

But it is not working and even the working SSID was also affected and stop working.

Should I share Configuration file?

Please suggest.

Regards,

Jitendra
Userlevel 4
Hi Jitendra,

Yes, please share the config file to check the details.

Regards,
Nathiya M
Hi Nathiya,

Herewith please find the links for configuration files.

OLD/Initial start-up Config: https://www.dropbox.com/s/jjzt5irc5b0hlag/startup-config-OLD?dl=0

Config after following the document: https://www.dropbox.com/s/g4n4lclldutw0r1/startup-config?dl=0

Please suggest.

Regards,

Jitendra
Userlevel 4
Hi Jitendra,

I see the MAC authentication configuration seems to correct.

wlan TEST
description MAC based
ssid test
vlan 900
bridging-mode tunnel
encryption-type none
authentication-type mac
use aaa-policy NTPC-AAA\ Policy
!
aaa-policy NTPC-AAA\ Policy authentication server 1 onboard controller
!
radius-group NTPC-Radius-Group
!
radius-user-pool-policy NTPC-User\ pool
user 88708cd34ebd password 0 88708cd34ebd group NTPC-Radius-Group

Except the production SSID configured in "bridging-mode local" and the MAC authentication SSID configured in "bridging-mode tunnel".

wlan NTPC-GUEST description NTPC Employee WiFi user
ssid NTPC-TRANG
vlan 900
bridging-mode local
encryption-type tkip
authentication-type none
wpa-wpa2 psk 0 abcdefghijkl

Could you please confirm, what exactly not working? Does the client able to connect to the SSID?
Or its connecting and not getting IP address?

Regards,
Nathiya M
Hi Nathiya,

User/device is neither connecting to the SSID nor getting IP Address.

Regards,

Jitendra
and for SSID: NTPC-TRANG it is authenticating..connecting... and again disconnecting... and loop goes on.
Userlevel 4
Hi Jitendra,

Can you please open a TAC case and give me the case #, will work on it further.

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-contact-Extreme-Networks-Global-Tec...

Regards,
Nathiya M
Hi Nathiya,

Herewith please find GTAC CASE ID: 01190608.

Regards,

Jitendra

Reply