Contents

RADIUS MAC Authentication

When you enable secondary authorization on your network, a wireless user first authenticates on the wireless network, and then the device used to connect to the network is authenticated to determine whether it is an authorized device. You can use RADIUS MAC Authentication to allow only authorized devices to connect to your wireless network.

Configure RADIUS MAC Authentication

To configure RADIUS MAC Authentication:

  1. Select an action to take if the client authorization fails: Disconnect or Assign Role.
  2. If you select Assign Role, from the Select Role drop-down list, select a role profile. Only role profiles you have defined are listed here. For more information, see Role Based Control.
  3. Save the SSID settings.

RADIUS Server Settings

To configure your RADIUS server settings, click RADIUS Settings.

Setting

Description

Called Station ID

A free-form text parameter that the AP passes to the RADIUS server during the authentication or accounting process as the standard RADIUS parameter, Called-Station-Id. You can use one or more of the special format specifiers, %m, %n, %l or  %s, to represent the called station ID. The AP replaces %m with the Ethernet MAC address of the AP. The AP replaces %s with the SSID. The AP replaces %l with the location tag. The AP replaces %n with the device name. You can repeat the format specifiers. You can enter text instead of using the format specifiers.
Note: If the length of this parameter exceeds 255 characters, the AP uses only the first 255 characters.

NAS ID

This parameter is used when a network access server (NAS) serves as a single point to access network resources. Generally, a NAS supports hundreds of simultaneous users. When a RADIUS client connects to a NAS, the NAS sends access request packets to the RADIUS server. These packets must contain either the NAS IP address or the NAS identifier. The RADIUS server uses the NAS ID or the NAS-Identifier to authenticate RADIUS clients.
You can specify a string for the NAS ID. You can use one or more of the special format specifiers, '%m, %n, %l and/or %s, to represent the NAS ID. The AP replaces %m with the Ethernet MAC address of the AP. The AP replaces %s with the SSID. The AP replaces %l with the location tag. The AP replaces %n with the device name. You can repeat the format specifiers.
The default value of NAS ID is %m-%s. The NAS ID corresponds to the NAS-Identifier attribute on the RADIUS server. The attribute ID for the NAS-Identifier RADIUS attribute is 32.
Make sure that the NAS ID you specify is not the same as the shared secret configured for the RADIUS server in the RADIUS Authentication section.
Note: The AP uses the first 255 characters if the length of this parameter exceeds 255 characters because the total permissible length of this field is 255 characters.

Username and Password
Username

MAC Address without Delimiter — 00aa11bb33cc
MAC Address with Hyphen — 00-aa-11-bb-33-cc
MAC Address with Colon — 00:aa:11:bb:33:cc
MAC Address with Single Hyphen — 00aa11-bb33cc

The MAC addresses on your RADIUS server must all be in lower case format. For example: 00:aa:11:bb:22:cc.

Password

MAC Address without Delimiter — 0011223344cc
MAC Address with Hyphen — 00-11-22-33-44-cc
MAC Address with Colon — 00:11:22:33:44:cc
MAC Address with Single Hyphen — 001122-3344cc

The MAC addresses on your RADIUS server must all be in lower case format. For example: 00:aa:11:bb:22:cc.

Primary Authentication Server

Select a RADIUS profile from the drop-down list.

Secondary Authentication Server

Select a RADIUS profile from the drop-down list.

Primary Accounting Server

Select a RADIUS profile from the drop-down list.

Secondary Accounting Server

Select a RADIUS profile from the drop-down list.
RADIUS Retry Parameters
Timeout Second(s) [1-10]
Attempts [1-10]

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search