Home > Wireless LAN > Encryption and Authentication > Enabling MAC based access control on an SSID

Enabling MAC based access control on an SSID

Table of contents
No headers
MAC-based access control admits or denies wireless association based on the connecting device’s MAC address. In this authentication method wireless devices use their MAC address as the username and password. Follow the steps below to configure an SSID to require MAC based access control with RADIUS.

Note: To enable MAC-based access control without a RADIUS server, a Sign-on Splash page can be used in a similar fashion

 

1. From Dashboard navigate to Configure > Access control.

2. Select MAC-based access control (no encryption) for Association requirements.


 

3. For Splash page choose None. Click through splash can be selected if desired.

4. For RADIUS server, click Add a server. Enter the RADIUS server IP address, listening port, and RADIUS shared secret to be used by your APs which are configured RADIUS clients on the server.


 

5. For Addressing and traffic choose Bridge mode in a VLAN environment. NAT mode could be used without VLANs if desired. 

6. An SSID can bridge wireless devices onto different VLANs. A default SSID VLAN can be set using the VLAN tag drop down. Then by setting the RADIUS response it can override VLAN tag from VLAN override drop down. RADIUS accept messages containing a different VLAN tag will be able to override the default VLAN for the SSID.


7. Click Save changes.

For RADIUS-side configuration, see Creating an NPS Policy for MAC-based authentication

You must to post a comment.
Last modified
18:17, 9 Feb 2016

Tags

This page has no custom tags.

Classifications

This page has no classifications.

Article ID

ID: 1641

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case