Configure MAC Authentication

Create a standard wireless network (SSID).

MAC authentication checks a client MAC address against a RADIUS server, and can provide an additional, or sole means of authentication. If an SSID employs MAC authentication with another type of access control, such as PPSK, PSK, or a captive web portal, MAC authentication occurs first. If it is successful, the AP continues the authentication procedure. Otherwise, the authentication process stops, the AP denies network access to the client, and the AP disassociates the client. If you enable MAC authentication and use an OPEN SSID, then MAC authentication becomes the sole means of access control.

This task is part of creating or editing a network policy. Use this task to configure an MAC authentication.

  1. Go to Configure > Network Policies.
  2. Select MAC Authentication, and then toggle the setting to On.
  3. Select an Authentication Protocol to determine how the AP forwards authentication requests from users to an external RADIUS or Active Directory server:

    PAP: The AP sends an unencrypted password to the RADIUS server.

    CHAP or MS CHAP V2: The AP sends the result of an operation it performs on the password, instead of the password itself, to the RADIUS or Active Directory authentication server. The authentication server performs the same operation, and then compares the results to see if they match.

  4. Select Add to add a Radius Server Group, or select Select and then select an existing Radius Server Group.
    For more information, see Configure an AAA Server Profile

Continue configuring a standard wireless network.

9039022-00 Rev AA