Netgear WC7600v1 - ProSAFE Wireless Controller User Manual

MAC authentication lets you set up an external or a local access control list (ACL) with MAC 
addresses of clients to either allow or deny the network access privilege of the specified 
clients with the wireless controller–managed access point. The settings are applied only to 
managed access points.

The wireless controller can support an aggregate number of 
4096 MAC addresses for all its local ACLs.

Note the following external RADIUS server guidelines:

For each MAC authentication client, you must configure a policy on the RADIUS server.

During MAC authentication, the wireless controller sends the following information to the 
RADIUS server:

MAC address in the format xx:xx:xx:xx:xx:xx

User name

Calling station ID

The wireless controller uses CHAP as the authentication protocol with the RADIUS 
server.

You can configure either MAC authentication with an external RADIUS server or network 
authentication with an external RADIUS server, but not both. That is, if you configure an 
external RADIUS server with WPA, WPA2, or WPA & WPA2, you cannot use external 
MAC authentication but are limited to internal MAC authentication.

You would typically use the basic MAC authentication group in the profiles of a basic profile 
group of a small-scale network. However, you can assign the basic MAC authentication 
group to any profile, whether in the basic profile group or in an advanced profile group.

The wireless controller supports a maximum of 4,096 MAC addresses per SSID.

You cannot add multicast or broadcast MAC addresses to a MAC 
access control list (ACL).