ssid with PSK and mac auth
Topic
Anyone configured PSK ssid with mac auth ? i can reference the company property database but it seems to not be blocking unauthorised devices ??
Answers
alan-eile
Cheers Alex, shame this is not documented in the available documentation, I actually had it working by using dot1x with dot1x bypass and company account tied to company property.
alexanderhaupt
Hi ALAN-EILE, create a SSID with PSK and enable MAC-Athentication. Select UPAMRadiusServer. In Advanced Configuration check that Local Database is selected. In Default Access Role Profile select the appropriate Access Role Profile in which the client should be mapped. In Manage Guest Devices add your Company Property with the correct MAC-address. In the VLAN-ID field add a Dummy VLAN ID (e.g. 999) which leads to nowhere. Click Save and Apply to AP Group!
Now the client connects to the SSID with the correct PSK. Due to the Dummy VLAN the client will not receive an IP-address so far. The MAC-Auth takes place next. If the MAC-address matches with the Company Property an IP-address will be received based on the Default Access Role Profile defined in the Authentication Strategy. If the MAC-address does not match the access will be denied!
Please also refer to TKC article: 000048680
Hope this helps!
Alex