How do I configure MAC-based authentication on Aruba?

By Shyam_Moolayilkalarikkal Unpublished


Question:  How do I configure MAC-based authentication on Aruba?


Product and Software: This article applies to ArubaOS 3.x and later.


A. Configure a MAC Authentication Profile

* Using the WebUI

  1. Click Configuration > Security > Authentication > L2 Authentication page.
  2. Select MAC Authentication Profile.
  3. Enter a profile name and click Add.
  4. Select the profile name to display configurable parameters and click Apply.

Details about the configurable parameters:


Delimiter used in the MAC string:

  • colon specifies the format xx:xx:xx:xx:xx:xx
  • dash specifies the format xx-xx-xx-xx-xx-xx
  • none specifies the format xxxxxxxxxxxx

Default: none


The case (upper or lower) used in the MAC string.

Default: lower

Max Authentication Failures

Number of times a station can fail to authenticate before it is blacklisted. A value of 0 disables blacklisting.

Default: 0

* Using the CLI

aaa authentication mac <profile>

case {lower|upper}

delimiter {colon|dash|none}

max-authentication-failures <number>


B. Configure Clients in the Internal Database

* Using the WebUI

  1. Click Configuration > Security > Authentication > Servers page. Select Internal DB.
  2. Click Add Userin the Users section. The user configuration page displays.
  3. For User Name and Password, enter the MAC address for the client. Use the format specified by the Delimiter parameter in the MAC Authentication profile.
  4. Click Enabled to activate this entry on creation.
  5. Click Apply to apply the configuration.

* Using the CLI


In enable mode, issue the following command:

local-userdb add username <macaddr> password <macaddr>...


C. Map this MAC authentication profile into the respective aaa profile.


aaa profile <profile name>
authentication-mac <profile name>



Oct 02, 2018 08:49 AM



Can anybody help me, i need to get list of MAC Addresses added in "MAC Authentication" list.

I tried searching but did not found specific O/P.



Please Help!!



Sep 26, 2016 08:15 AM

Would this then only allow the user with that MAC address you entered to access the Wi-Fi.


basically I want to block everyone connecting to a WiFi, unless they provide me with their MAC address before hand so I can add it to the allowed list and allow them to connect.


i don't want the wrong people accessing my network through overhearing the password.