@enveekaa wrote:
I would like to give out a RAP with MAC authtentication on port eth1 (RAP2WG).
My idea is to create an aaa profile with mac auth but I can not turn my head away of the fact that all other mac users in the local db would be able to authenticate on this RAP2WG.. is there a way to prevent this ? there's no such thing as multiple local db's I guess? :)
What do you mean "all other mac users"? You mean all other users with MAC OSX or do you mean all other users with mac addresses in the database?
If you mean all other users with mac addresses, what you can do is create a new mac authentication profile that has a different format, like no delimeter. Add that new mac authentication profile to your AAA profile that you are applying to the wired port. Enter the user you want to have access in the local database with a mac address that has no delimeter. All other users who try to authenticate, their mac addresses will be in a different format, and they will fail.