Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Configuring MAC Authentication
MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication is used for authenticating devices based on their physical MAC addresses. For MAC authentication, the MAC address of a machine must match an approved list of manually defined addresses on the switch. MAC authentication can be used alone or it can be combined with 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication.
To configure MAC authentication for the switch ports, complete the following steps:
- In the WebUI, select one of the following options:
- To select a switch group in the filter:
- Set the filter to a group containing at least one switch.
The dashboard context for the group is displayed.
- Under , click > .
- Click the AOS-X Config or icon to view the switch configuration dashboard.
- Set the filter to a group containing at least one switch.
- To select a switch in the filter:
- Set the filter to or a group containing at least one switch.
- Under
A list of switches is displayed in the
view. , click > . - Click a switch under
The dashboard context for the switch is displayed.
. - Under
The tabs to configure the switch is displayed.
, click .
- To select a switch group in the filter:
- Click > .
- In the tab, expand the MAC Authentication accordion. The Port Settings table displays the parameters configured for the port.
- Select one or more ports for which you want to enable MAC authentication and click the edit icon.
The Edit Ports Selected window is displayed. - Select from the drop-down.
-
Configure the following parameters.
Table 1: Configuring MAC Authentication
Name
Description
Value The maximum number of clients to allow on the port.
Default: 0
The VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. to use for an unauthorized client.
Default: 0
The VLAN to use for an authorized client.
Default: 0
The time (in seconds) that the switch enforces on a client to re-authenticate. The client remains authenticated while the re-authentication occurs. When set to 0, re-authentication is disabled.
Default: 300 seconds
The time (in seconds) when cached re-authentication is allowed on the port.
Default: 0
The time (in seconds) that the switch enforces for an implicit logoff.
Default: 300 seconds
The time (in seconds) during which the port does not try to acquire a supplicant. The period begins after the last attempt authorized by the max-requests parameter fails.
Default: 60 seconds
- Click .