MAC Authentication

MAC is a device-level authentication method used to augment other security schemes when legacy devices are deployed using static WEP.

MAC authentication can be used for device-level authentication by permitting WLAN access based on device MAC address. MAC authentication is typically used to augment WLAN security options that do not use authentication (such as static WEP, WPA-PSK and WPA2-PSK). MAC authentication can also be used to assign VLAN memberships, firewall policies, and access restrictions based on time and date.

MAC authentication can only validate devices, not users. It references only the MAC address of a client's wireless interface card when authenticating the device; it does not distinguish the device's user credentials. MAC authentication is somewhat poor as a standalone data protection technique, because MAC addresses can be easily spoofed by hackers who can provide a device MAC address to mimic a trusted device within the network.

MAC authentication is enabled per WLAN profile, augmented with the use of a RADIUS server to authenticate each device. A device's MAC address can be authenticated against the local RADIUS server built into the device or centrally (from a datacenter). For RADIUS server compatibility, the MAC address can be forwarded to the RADIUS server in non-delimited and/or delimited formats:
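
The format matters because a RADIUS server typically compares the forwarded MAC address as a plain string, so an entry stored with delimiters will not match an address forwarded without them. The following Python code is an added example, not part of the vendor documentation; the style names (`no-delim`, `pair-colon`, `pair-hyphen`, `quad-dot`) and the sample entries are assumptions constructed for illustration, not the product's option names. It audits a RADIUS MAC list against the format a WLAN is set to forward.

```python
import re

# Hypothetical style labels for this example (not the product's option names).
FORMATS = {
    "no-delim": lambda h: h,
    "pair-colon": lambda h: ":".join(h[i:i + 2] for i in range(0, 12, 2)),
    "pair-hyphen": lambda h: "-".join(h[i:i + 2] for i in range(0, 12, 2)),
    "quad-dot": lambda h: ".".join(h[i:i + 4] for i in range(0, 12, 4)),
}
_HEX12 = re.compile(r"[0-9a-f]{12}")

def canonical(mac):
    """Strip delimiters and case; return 12 lowercase hex digits or raise."""
    digits = re.sub(r"[:\-.]", "", mac.strip().lower())
    if not _HEX12.fullmatch(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def render(mac, style, upper=False):
    """Render a MAC in the chosen style, as it would be sent as the lookup key."""
    out = FORMATS[style](canonical(mac))
    return out.upper() if upper else out

def audit(entries, style, upper=False):
    """Report entries an exact-match lookup would miss, reject or double-count."""
    findings, seen = [], {}
    for entry in entries:
        try:
            key = canonical(entry)
        except ValueError:
            findings.append((entry, "invalid"))
            continue
        if key in seen:  # same device listed twice in different formats
            findings.append((entry, f"duplicate of {seen[key]}"))
            continue
        seen[key] = entry
        expected = render(entry, style, upper)
        if entry != expected:  # stored form differs from the forwarded form
            findings.append((entry, f"should be {expected}"))
    return findings

# Constructed sample RADIUS entries; the WLAN is assumed to forward "no-delim".
SAMPLE = ["001a2b3c4d5e", "00-1A-2B-3C-4D-5F", "00:1a:2b:3c:4d:5e", "printer-01"]

if __name__ == "__main__":
    for entry, problem in audit(SAMPLE, "no-delim"):
        print(f"{entry}: {problem}")
```
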

To configure MAC on a WLAN:

  1. Either select an existing AAA Policy from the drop-down menu or select the Create icon to the right of the AAA Policy parameter to display a screen where new AAA policies can be created. A default AAA policy is also available if configuring a WLAN for the first time and there are no existing policies. Select the Edit icon to modify the configuration of a selected AAA policy.

    Authentication, authorization, and accounting (AAA) is a framework for intelligently controlling access to the wireless client, enforcing user authorization policies and auditing and tracking usage. These combined processes are central for securing wireless client resources and wireless network data flows. For information on defining a new AAA policy that can be applied to the WLAN supporting MAC, see AAA Policy.

  2. Select the Reauthentication option to force MAC supported clients to reauthenticate. Use the spinner control to set the number of minutes (30 - 86,400) that, once exceeded, forces the EAP supported client to reauthenticate to use the resources supported by the controller, service platform or Access Point WLAN.

  3. Select OK when completed to update the WLAN's MAC configuration. Select Reset to revert the screen back to the last saved configuration.

  1. Select Configuration > Wireless > Wireless LAN Policy to display available WLANs.
  2. Click Add to create an additional WLAN, or select an existing WLAN and click Edit to modify its security properties.
  3. Select Security.
  4. Select MAC as the Authentication Type.

    Selecting MAC enables the radio buttons for each encryption option as an additional measure of security for the WLAN.

  5. Select an existing AAA Policy from the drop-down menu or select the Create icon to the right of the AAA Policy parameter to display a screen where new AAA policies can be created.
    Select the Edit icon to modify the configuration of the selected AAA policy.

    Authentication, authorization, and accounting (AAA) is a framework for intelligently controlling access to the network, enforcing user authorization policies and auditing and tracking usage. These combined processes are central for securing wireless client resources and wireless network data flows.

  6. Select the Reauthentication option to force EAP supported clients to reauthenticate.
    Use the spinner control to set the number of seconds (between 30 - 86,400) that, when exceeded, forces the EAP supported client to reauthenticate to use the WLAN.
  7. Select OK when completed to update the WLAN's MAC configuration.

    Select Reset to revert to the last saved configuration.