Centralized MAC Authentication

I have 4 cnPilot e400 on my network, how can i centralize the Mac Authenticacion? , I don´t want to configure the list on ech e400.


@javierlincoln wrote:

I have 4 cnPilot e400 on my network, how can i centralize the Mac Authenticacion? , I don´t want to configure the list on ech e400.


You can manage the APs through cnMaestro and push down the MAC ACL list from there. It would need to be defined and maintained only once (in the 'Access'/'ACL' configuration of the WLAN). If you are adding/removing a MAC it can be done on cnMaestro, no need to configure each E400 one by one.

Alternately you can save them on a RADIUS server if you have one available (Eg: freeradius.org) and enable MAC-Authenticaiton via RADIUS. The APs will look up the RADIUS server (username/password set to the MAC address) to check if the client should be allowed on the network.

I don´t understand, i must configure de ACL in one e400 and then replicate in the rest of devices using cnMaestro. Can you help me?

You can configure the ACL from cnMaestro (the cloud controller), here are the steps:

Go to "WLANs"

Select the WLAN your using

Go to "Access Control"

From there you can add MAC Addresses for centralized MAC Authentication. Here is a screenshot below:

I hope that helps!

Hello,

Who can point me to the log file/menu in the CnMaestro (on premises) where I can see a MAC authentication event please?

I enabled MAC auth through CNMaestro DB and I specifically denied my MAC address. It works but I would like to see the drop event in the CnMaestro also.

Thanks!

Clients denied due to MAC-ACL can be viewed at following location in cnMaestro:

For more details on centralized MAC authentication, please read knowledge base article posted in below URL:

https://community.cambiumnetworks.com/t5/cnPilot-E-Series-Enterprise-APs/MAC-Access-Control-List-MAC-Authentication/m-p/62526#M52

1 Like

MAC ACL works but it has drawbacks

I can't temporary disable an user MAC ACL

Let say today you allow user1 MAC ACL, but tomorrow you want to block user1.

You need to delete user1 first

If later, you want to allow again, you need to add manually

Its not like MIkrotik which with just 1 click, I can temporary block an user