Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

361

362

363

364

365

366

367

368

369

370

Configuring Authentication and Authorization by MAC Address

RoamAbout Mobility System Software Configuration Guide 17-19

Configuring Authentication and Authorization by MAC Address

Youmustsometimesauthenticateusers basedontheMACaddressesoftheirdevicesratherthana

username‐passwordorcertificate.Forexample,someVoice‐over‐IP(VoIP)phonesandpersonal

digitalassistants(PDAs)donotsupport802.1Xauthentication.Ifaclientdoesnotsupport802.1X,

MSSattemptstoperformMACauthentication

fortheclientinstead.TheRoamAboutswitchcan

discovertheMACaddressofthedevicefromreceivedframesandcanusetheMACaddressin

placeofausernamefortheclient.

UsersauthorizedbyMACaddressrequireaMACauthorizationpasswordifRADIUS

authenticationisdesired.Thedefaultwell‐

knownpasswordisnopassword.

Adding and Clearing MAC Users and User Groups Locally

MACusersand groupscangainnetworkaccessonlythroughtheRoamAbou tSwitch.Theycannot

createadministrativeconnectionstotheRoamAboutSwitch.AMACuseriscreatedinasimilar

fashiontootherlocalusersexceptforhavingaMACaddressinsteadofausername.MACuser

groupsarecreatedin

asimilarfashiontootherlocalusergroups.

(TocreateaMACuserprofile orMACusergrouponaRADIUSserver,seethedocumentationfor

yourRADIUSserver.)

Adding MAC Users and Groups

TocreateaMACusergroupinthelocalRoamAboutSwitchdatabase,youmustassociateitwith

anauthorizationattributeandvalue.Usethefollowingcommand:

set mac-usergroup group-name attr attribute-name value

Examples

TocreateaMACusergroupcalledmac‐easterswitha3000‐secondSession‐Timeoutvalue,typethe

followingcommand:

RBT-8100# set mac-usergroup mac-easters attr session-timeout 3000

success: change accepted.

ToconfigureaMACuserinthelocaldatabaseandoptionallyaddtheusertoagroup,usethe

followingcommand:

set mac-user mac-addr [group group-name]

Forexample,typethefollowingcommandtoaddMACuser01:0f:03:04:05:06togroupmacfans:

RBT-8100# set mac-user 01:0f:03:04:05:06 group macfans

success: change accepted.

Caution: Use this method with care. IEEE 802.11 frames can be forged and can result in

unauthorized network access if MAC authentication is employed.