FreeRADIUS Example for Wireless Client Configuration 213
Configuring the External RADIUS Server
assignment and a newly associated client is assigned to the default VLAN for that VAP. A re-
authenticating client retains its previous VLAN ID.
The default management VLAN ID for all APs is 1. The only way to change an AP’s
management VLAN ID is by using the
set management vlan-id command from the CLI.
After you change the
etc/raddb/users file, you must restart the RADIUS server daemon to
apply the changes.
Configuring MAC Authentication
For each network, you can configure whether to use a local or RADIUS database for client
MAC authentication. To use RADIUS-based MAC authentication for wireless clients, you add
an entry for each client in the
etc/raddb/users file. If the default action for MAC
Authentication on the switch is set to “Allow,” only clients that have an entry in the
users file
are allowed access to the network through the AP. If the default action is set to “deny” the
clients with a MAC address in the
users file cannot authenticate with the AP.
The following line is an example of an entry for a client in the
etc/raddb/users file.
00-0F-FE-1C-F2-67 Auth-Type: = Local, User-Password == “NOPASSWORD"
NOTE: The password is always NOPASSWORD, and the MAC address of the client
uses hyphens, not colons.
To Next Page
Loading...
Need help?
General
