Configuring MAC Authentication Fallback Mechanism using Guest Access on cnPilot E-series device

Note: This feature is available from 3.1.1 r14 release build.

MAC Authentication Fallback Overview

MAC Authentication fallback mechanism combines Layer 2 and Layer 3 security. Consider where both Radius based MAC filtering and Guest Access web authentication implemented.

Scenario 1: When MAC Authentication fails

When a client tries to connect to a WLAN for accessing Internet using the MAC filter (RADIUS server), if the client fails the authentication, then the authentication will fall back to Guest web Portal for authentication. Then user need to provide proper username & password to get access to Internet.

Scenario 2: When MAC Authentication succeeded

When a client tries to connect to a WLAN and passes the MAC filter authentication, then web authentication is skipped and the client is connected to the WLAN with Internet access.

With this feature, you can avoid disassociations based on a MAC filter authentication failure.

Please find the below pictorial representation of MAC Authentication Fallback mechanism


1. Create a WLAN profile with OPEN security.

2. Goto Guest Access tab, enable Guest Access with Access policy as RADIUS. 

3. Enable MAC Authentication Fallback in Guest Access tab. 

4. Goto Radius server tab, and provide information of Authentication server and Accounting server in respective columns. 

5. Goto Access tab, inside MAC Authentication section choose MAC Authentication policy as RADIUS. And based on MAC address filter configuration in Radius server choose “delimiter” or enable “Upper-Case”.