ssid with PSK and mac auth

Topic

Anyone configured PSK ssid with mac auth ? i can reference the company property database but it seems to not be blocking unauthorised devices ??

Date
03.09.2019
answers
2
views
62
Author
Asked by alan-eile

Answers

Cheers Alex, shame this is not documented in the available documentation, I actually had it working by using dot1x with dot1x bypass and company account tied to company property.

Date
03.09.2019
Author
Asked by alan-eile
Add Comment
Vote

Hi ALAN-EILE, create a SSID with PSK and enable MAC-Athentication. Select UPAMRadiusServer. In Advanced Configuration check that Local Database is selected. In Default Access Role Profile select the appropriate Access Role Profile in which the client should be mapped. In Manage Guest Devices add your Company Property with the correct MAC-address. In the VLAN-ID field add a Dummy VLAN ID (e.g. 999) which leads to nowhere. Click Save and Apply to AP Group!

Now the client connects to the SSID with the correct PSK. Due to the Dummy VLAN the client will not receive an IP-address so far. The MAC-Auth takes place next. If the MAC-address matches with the Company Property an IP-address will be received based on the Default Access Role Profile defined in the Authentication Strategy. If the MAC-address does not match the access will be denied!

Please also refer to TKC article: 000048680

Hope this helps!

Alex

Date
03.09.2019
Author
Add Comment
Vote