Controller Based WLANs

How do I configure MAC-based authentication on Aruba?

Aruba Employee

Question:  How do I configure MAC-based authentication on Aruba?

 

Product and Software: This article applies to ArubaOS 3.x and later.

 

A. Configure a MAC Authentication Profile

* Using the WebUI

  1. Click Configuration > Security > Authentication > L2 Authentication page.
  2. Select MAC Authentication Profile.
  3. Enter a profile name and click Add.
  4. Select the profile name to display configurable parameters and click Apply.

Details about the configurable parameters:

Delimiter

Delimiter used in the MAC string:

  • colon specifies the format xx:xx:xx:xx:xx:xx
  • dash specifies the format xx-xx-xx-xx-xx-xx
  • none specifies the format xxxxxxxxxxxx

Default: none

Case

The case (upper or lower) used in the MAC string.

Default: lower

Max Authentication Failures

Number of times a station can fail to authenticate before it is blacklisted. A value of 0 disables blacklisting.

Default: 0

* Using the CLI

aaa authentication mac <profile>

case {lower|upper}

delimiter {colon|dash|none}

max-authentication-failures <number>

 

B. Configure Clients in the Internal Database

* Using the WebUI

  1. Click Configuration > Security > Authentication > Servers page. Select Internal DB.
  2. Click Add Userin the Users section. The user configuration page displays.
  3. For User Name and Password, enter the MAC address for the client. Use the format specified by the Delimiter parameter in the MAC Authentication profile.
  4. Click Enabled to activate this entry on creation.
  5. Click Apply to apply the configuration.

* Using the CLI

 

In enable mode, issue the following command:

local-userdb add username <macaddr> password <macaddr>...

 

C. Map this MAC authentication profile into the respective aaa profile.

Example:

aaa profile <profile name>
authentication-mac <profile name>

Version history
Revision #:
1 of 1
Last update:
‎07-07-2014 02:13 PM
 
Labels (1)
Contributors
Comments
Mosteckyj

Would this then only allow the user with that MAC address you entered to access the Wi-Fi.

 

basically I want to block everyone connecting to a WiFi, unless they provide me with their MAC address before hand so I can add it to the allowed list and allow them to connect.

 

i don't want the wrong people accessing my network through overhearing the password.

 

thanks

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.