Using_AMP's FreeRADIUS as a MAC auth server

Aruba Employee
Aruba Employee

It should be fairly easy to setup RADIUS MAC auth. There are a few things we will need to configure. We will need to configure AMP's FreeRADIUS server to contain a list of MAC addresses to allow and tell the FreeRADIUS server the IP range of the APs to accept RADIUS packets from. Then we will need to configure your APs to use RADIUS auth and to use AMP as their RADIUS server. 

Edit the /etc/raddb/users file to include the mac addresses of the clients. You will want to include the format you choose on the Groups-->Security page. The example below is for colon delimited MAC addresses.

Here's an example of configuring AMP's built-in FreeRADIUS server for MAC auth.

# test laptop
00:40:96:46:80:36 Auth-Type := Accept 

On the AMP Setup-->RADIUS Accounting tab enter the network containing your APs and a secret. You will need the secret later when we set the RADIUS servers on your APs. Our lab APs are on the network so I would enter 

Next go to the the Groups-->RADIUS page. Here you need to add the AMP as a radius server. The IP address will be AMP's IP address. The secret will be the secret you entered when you added the radius servers on the AMP Setup-->RADIUS Accounting page. Leave the ports at default.

Now go to the Groups-->Security page. Select the AMP in the RADIUS Server #1 drop down. Select the Enabled radio button for MAC Address Authentication. Under MAC Address Format make sure colon delimited is selected. Click save and apply.

Once AMP pushes the configs to your APs you should have RADIUS MAC auth setup and enabled.

Version history
Revision #:
1 of 1
Last update:
‎06-09-2014 10:28 AM
Updated by:



I know this is a slightly older article but this could be helpful in my smaller implementation.


Is this Article documenting how to use Airwave to authenticate wireless clients?


Wireless Network named testmac with MAC authentication setup via AMP

Clients MAC address would be added to AMP.

When the client went to join the network testmac it would authenticate via AMP?



Search Airheads
Showing results for 
Search instead for 
Did you mean: