Manualshelf

Quick Reference Guide

ManualsBrandsNetgear ManualsWirelessNetgear WC9500
81828384858687888990
Manage Security Profiles and Profile Groups
81
ProSAFE Wireless Controller WC9500
Manage MAC Authentication and MAC Authentication
Groups
MAC authentication lets you set up an external or a local access control list (ACL) with MAC
addresses of clients to either allow or deny the network access privilege of the specified
clients with the wireless controller–managed access point. The settings are applied only to
managed access points.
Note: The wireless controller can support an aggregate number of
4096 MAC addresses for all its local ACLs.
Guidelines for External MAC Authentication
Note the following external RADIUS server guidelines:
For each MAC authentication client, you need to configure a policy on the RADIUS
server.
During MAC authentication, the wireless controller sends the following information to the
RADIUS server:
- MAC address in the format xx:xx:xx:xx:xx:xx
- User name
- Calling station ID
The wireless controller uses CHAP as the authentication protocol with the RADIUS
server
.
You can configure either MAC authentication with an external RADIUS server or network
authentication with an external RADIUS server
, but not both. That is, if you configure an
external RADIUS server with WPA, WPA2, or WPA & WPA2, you cannot use external
MAC authentication but are limited to internal MAC authentication.
To use an external ACL:
1. Configure an ACL on an external RADIUS server
.
2. On an Edit Profile screen for the basic profile group or an advanced profile group, next to
MAC ACL, select
the External radio button.
3. From the External Radius Server menu, select the external authentication server.
For more information, see
Configure Security Profiles for the Basic Profile Group on
page 67 and Configure Security Profiles for Advanced Profile Groups on page 71.
The wireless controller consults the MAC ACL at initial client authentication. While a client
roams, the wireless controller uses cached authentication information. After a client has
disassociated from the access point and then attempts to reassociate, the wireless controller
once again consults the MAC
ACL.