Question: How do I configure MAC-based authentication on Aruba?
Product and Software: This article applies to ArubaOS 3.x and later.
A. Configure a MAC Authentication Profile
* Using the WebUI
- Click Configuration > Security > Authentication > L2 Authentication page.
- Select MAC Authentication Profile.
- Enter a profile name and click Add.
- Select the profile name to display configurable parameters and click Apply.
Details about the configurable parameters:
Delimiter
Delimiter used in the MAC string:
- colon specifies the format xx:xx:xx:xx:xx:xx
- dash specifies the format xx-xx-xx-xx-xx-xx
- none specifies the format xxxxxxxxxxxx
Default: none
Case
The case (upper or lower) used in the MAC string.
Default: lower
Max Authentication Failures
Number of times a station can fail to authenticate before it is blacklisted. A value of 0 disables blacklisting.
Default: 0
* Using the CLI
aaa authentication mac <profile>
case {lower|upper}
delimiter {colon|dash|none}
max-authentication-failures <number>
B. Configure Clients in the Internal Database
* Using the WebUI
- Click Configuration > Security > Authentication > Servers page. Select Internal DB.
- Click Add Userin the Users section. The user configuration page displays.
- For User Name and Password, enter the MAC address for the client. Use the format specified by the Delimiter parameter in the MAC Authentication profile.
- Click Enabled to activate this entry on creation.
- Click Apply to apply the configuration.
* Using the CLI
In enable mode, issue the following command:
local-userdb add username <macaddr> password <macaddr>...
C. Map this MAC authentication profile into the respective aaa profile.
Example:
aaa profile <profile name>
authentication-mac <profile name>