Specifications
Configuring Authentication and Authorization by MAC Address
RoamAbout Mobility System Software Configuration Guide 17-21
ToaddtheMACuser00:01:02:03:04:05toVLANred:
RBT-8100# set mac-user 00:01:02:03:04:05 attr vlan-name red
success: change accepted
Tochangethevalueofanauthorizationattribute,reenterthecommandwiththenewvalue.To
clearanauthorizationattributefromaMACuserprofileinthelocaldatabase,usethefollowing
command:
clear mac-user mac-addr attr attribute-name
ThefollowingcommandclearstheVLANassignmentfromMACuser01:0f:02:03:04:05:
RBT-8100# clear mac-user 01:0f:03:04:05:06 attr vlan-name
success: change accepted.
(Foracompletelistofauthorizationattributes,seeTable 17‐5onpage 17‐42.)
Changing the MAC Authorization Password for RADIUS
WhenyouenableMACauthentication,theclientdoesnotsupplyaregularusernameor
password.TheMACaddressoftheuser’sdeviceisextractedfromframesreceivedfromthe
device.
ToauthenticateandauthorizeMA CusersviaRADIUS,youmustconfigureasinglepredefined
passwordforMACusers,whichiscalled
theoutboundauthorizationpassword.Thesame
passwordisusedforallMACuserentriesintheRADIUSdatabase.Setthispasswordbytyping
thefollowingcommand:
set radius server server-name author-password password
Thedefaultpasswordisnopassword.
Example
ThefollowingcommandsetstheoutboundauthorizationpasswordforMACusersonserver
bigbirdtoh00per:
RBT-8100# set radius server bigbird author-password h00per
success: change accepted.
IftheMACaddressisinthedatabase,MSSusestheVLANattributeandotherattributes
associatedwithitforuserauthorization.Otherwise,MSStriesthefallthruauthenticationtype,
whichcanbelast‐resort,Web,ornone.
Note: Before setting the outbound authorization password for a RADIUS server, you must have set
the address for the RADIUS server. For more information, see “Configuring RADIUS Servers” on
page 18-3.
Note: A MAC address must be dash-delimited in the RADIUS database—for example,
00-00-01-03-04-05. However, the MSS always displays colon-delimited MAC addresses.