It should be fairly easy to setup RADIUS MAC auth. There are a few things we will need to configure. We will need to configure AMP's FreeRADIUS server to contain a list of MAC addresses to allow and tell the FreeRADIUS server the IP range of the APs to accept RADIUS packets from. Then we will need to configure your APs to use RADIUS auth and to use AMP as their RADIUS server. Edit the /etc/raddb/users file to include the mac addresses of the clients. You will want to include the format you choose on the Groups-->Security page. The example below is for colon delimited MAC addresses.Here's an example of configuring AMP's built-in FreeRADIUS server for MAC auth.# test laptop00:40:96:46:80:36 Auth-Type := Accept On the AMP Setup-->RADIUS Accounting tab enter the network containing your APs and a secret. You will need the secret later when we set the RADIUS servers on your APs. Our lab APs are on the 10.99.1.0 network so I would enter 10.99.1.0/24. Next go to the the Groups-->RADIUS page. Here you need to add the AMP as a radius server. The IP address will be AMP's IP address. The secret will be the secret you entered when you added the radius servers on the AMP Setup-->RADIUS Accounting page. Leave the ports at default.Now go to the Groups-->Security page. Select the AMP in the RADIUS Server #1 drop down. Select the Enabled radio button for MAC Address Authentication. Under MAC Address Format make sure colon delimited is selected. Click save and apply.Once AMP pushes the configs to your APs you should have RADIUS MAC auth setup and enabled.
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.