Motorola Solutions AP-6511 Access Point System Reference Guide
6-10
user credentials. MAC authentication is somewhat poor as a standalone data protection technique, as MAC
addresses can be easily spoofed by hackers who can provide a device MAC address to mimic a trusted device
within the wireless controller managed network.
MAC authentication is enabled per WLAN profile, augmented with the use of a RADIUS server to
authenticate each device. A device’s MAC address can be authenticated against the local RADIUS server
built into the device or centrally (from a datacenter). For RADIUS server compatibility, the format of the MAC
address can be forwarded to the RADIUS server in non-delimited and or delimited formats:
To configure MAC on a WLAN:
1. Select Configuration > Wireless > Wireless LAN Policy to display a high-level display of the existing
WLANs available.
2. Select the Add button to create an additional WLAN, or select and existing WLAN and Edit to modify
the security properties of an existing WLAN.
3. Select Security.
4. Select MAC as the Authentication Type.
Selecting MAC enables the radio buttons for each encryption option as an additional measure of security
for the WLAN.
5. Either select an existing AAA Policy from the drop-down menu or select the Create icon to the right of
the AAA Policy parameter to display a screen where new AAA policies can be created. A default AAA
policy is also available if configuring a WLAN for the first time and there’s no existing policies. Select the
Edit icon to modify the configuration of a selected AAA policy.
Authentication, authorization, and accounting (AAA) is a framework for intelligently controlling access to
the wireless client managed network, enforcing user authorization policies and auditing and tracking
usage. These combined processes are central for securing wireless client resources and wireless
network data flows. For information on defining a new AAA policy, see AAA Policy on page 6-50.
6. Select the Reauthentication radio button to force MAC supported clients to reauthenticate. Use the
spinner control set the number of minutes (between 30 - 86,400) that, once exceeded, forces the EAP
supported client to reauthenticate to use the resources supported by the WLAN.
7. Select OK when completed to update the WLAN’s MAC configuration. Select Reset to revert the screen
back to the last saved configuration.
MAC Authentication Deployment Considerations

MAC Authentication
Before defining a MAC authentication configuration on a WLAN, refer to the following deployment
guidelines to ensure the configuration is optimally effective:
• MAC authentication can only be used to identify end-user devices, not the users themselves.
• MAC authentication is somewhat poor as a standalone data protection technique, as MAC addresses can
be easily spoofed by hackers who can provision a MAC address on their device to mimic a trusted device.
To Next Page
Loading...
Need help?
General
