MAC Access Control List / Authentication
MAC Authentication is a feature supported by cnPilot™ ePMP1000 Hotspot/E400/E500 Wi-Fi products. MAC authentication is a mechanism to authorize wireless station that tries to associate Access Point [AP].
Following options are supported by MAC Authentication:
- Permit
- If this option is selected,
- Wireless station MAC addresses listed will be allowed to associate to AP. Following is the screenshot of wireless frames exchanged between AP and wireless station:
- If this option is selected,
- Wireless station MAC address that are not listed will be de-authenticated from AP. Wireless station entries that are disassociated or de-authenticated due to MAC Access Control List [ACL] or MAC authentication is displayed in UI under Troubleshoot -> Unconnected Clients section. Following is the screenshot of wireless frames exchanged between AP and wireless station:
- Deny
- This option is set as default. It allows all wireless stations to associate to AP.
- When user configures a MAC Address, those wireless station shall be denied to associate and the non-listed MAC address will be allowed.
- Radius
- Wireless station MAC is authenticated using RADIUS server. If denied, AP transmits disassociation or de-authentication frame to wireless station with reason code 0x01.
- User can select the MAC address format that needs to be communicated with RADIUS server. Following parameters are available to user to select MAC address format:
- Delimiter
- By default, no delimiter is used by AP.
- User can select supported delimiter as configured on RADIUS server.
- We support both ": colon" and "- hyphen" as delimiters
- Upper Case
- This is disabled by default.
- If selected, AP transmits upper case letter.
- Password
- By default, this is selected and AP sends MAC address as username/password to RADIUS server.
- Delimiter
Note:
- Customer should update USERS file in radius server with wireless station MAC address account.
If a wireless station is denied due to MAC ACL or Authentication, it is displayed under Troubleshoot -> Unconnected Clients with Message as “Denied due to MAC ACL”
Configuration Steps
- Navigate to Configuration -> WLAN -> Access
- Select MAC Authentication Policy
- Permit
- Enter the MAC address separated by “: colon” or “- hyphen“.
- User Upper Case or Lower Case letters of wireless station MAC address based on RADIUS server configuration
- Permit
- Deny
- Enter the MAC address separated by “: colon” or “- hyphen“.
- User Upper Case or Lower Case letters of wireless station MAC address based on RADIUS server configuration
- RADIUS
- Select the de-limiter as configured in RADIUS server. If de-limiter is not chosen, ap sends the user/pass without any delimiter. AP can support “: colon” and “- hyphen“ as delimiters.
- By default, PASSWORD is selected, which indicates that AP sends station MAC address as Username & Password to radius server
- Save the configuration