Controllerless Networks

 View Only
last person joined: 22 hours ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Setting up MAC authentication.

This thread has been viewed 11 times

  • 1.  Setting up MAC authentication.

    Posted May 02, 2014 10:43 AM

    I've set up MAC authentication on an SSID intended for user-owned devices.  I have not configured any security since my intention is to allow only authorized MACs to connect and use the SSID in question.

    My understanding is that one needs to enable MAC authentication, choose InternalServer, and then add MAC address as username and password in the internal server database for each device I wish to allow.

    I'm finding that clients can connect even though I have not added their MAC addresses to the database.

    This is IAP firmware 6.3.1.2-4.0.0.4_42384.

    There are 4 access rules in this order:

    Allow DNS to All

    Allow http to All

    Allow https to All

    Deny Any to All



  • 2.  RE: Setting up MAC authentication.

    EMPLOYEE
    Posted May 02, 2014 11:20 AM

    Did you put mac addresses with no delimeter in the internal database?

     



  • 3.  RE: Setting up MAC authentication.

    Posted May 02, 2014 11:27 AM

    That is correct, no delimeter; uppercase support disabled; blacklisting disabled.



  • 4.  RE: Setting up MAC authentication.

    Posted May 02, 2014 11:37 AM

    What is the initial role in the AAA profile? Configure a policy called "DENYALL-POL" (any any any drop) and create a role called "DENYALL-ROLE". Assign DENYALL-POL to DENYALL-ROLE. Set this role as the initial role.

     

    Configure Default MAC Authentication role whatever role you like. A device should get the Default MAC auth role if everything else is configured right.



  • 5.  RE: Setting up MAC authentication.

    Posted May 05, 2014 10:11 AM

    Below is the configuration which i have done

     


    !! Create MAC Authentication Profile
    !! Create Server Group and add server in it
    !! Create AAA profile and add Server Group & MAC Authentication profile in it
    !! create ssid profile
    !! create  vap and Assign AAA & ssid profile to VAP
    !! create AP group and add VAP into it



    aaa authentication mac "MAC-Athentication-Profile"
      delimiter colon
      max-authentication-failures 0

    aaa server-group "MAC-Authentication-ServerGroup"
      auth-server "Internal" position 1

    aaa profile "MAC-Authentication-AAA-Profile"
      mac-default-role authenticated
      initial-role logon
      mac-server-group "MAC-Authentication-ServerGroup"
      authentication-mac "MAC-Athentication-Profile"
      authentication-dot1x "default"

    wlan ssid-profile "MAC-Authentication-SSID-Profile"
      essid MAC-Authentication
      wpa-passphrase murad123
      opmode wpa2-psk-aes

    wlan virtual-ap "MAC-Authentication-VAP-Profile"
      vlan 1
      aaa-profile "MAC-Authentication-AAA-Profile"
      ssid-profile "MAC-Authentication-SSID-Profile"

    ap system-profile "MAC-Authentication-APSystemProfile"

    ap-group "AP-Group"
      virtual-ap "MAC-Authentication-VAP-Profile"