Netgear WC7520 - ProSafe 20-AP Wireless Controller Manual De Referência

Guidelines for External MAC Authentication



Configure an ACL on an external RADIUS server.

On an Edit Profile screen (see 

), 

next to MAC ACL, select the External radio button.

From the External Radius Server drop-down list, select an external authentication server.

The wireless controller consults the MAC ACL at initial client authentication. While a client 
roams, the wireless controller uses cached authentication information. After a client has 
disassociated from the access point and then attempts to reassociate again, the wireless 
controller once again consults the MAC ACL.

Note the following external RADIUS server guidelines:

For each MAC authentication client, you need to configure a policy on the RADIUS 

server.

During MAC authentication, the wireless controller sends the following information to the 

RADIUS server:

MAC address in the format xx:xx:xx:xx:xx:xx

user name

calling station ID

The wireless controller uses CHAP as the authentication protocol with the RADIUS 

server.

You can configure either MAC authentication with an external RADIUS server or network 

authentication with an external RADIUS server (see 

on page 81), but not both. That is, if you configure an external 

RADIUS server with WPA, WPA2, or WPA & WPA2, you cannot use external MAC 
authentication but are limited to internal MAC authentication.

Configure Basic Local MAC Authentication Settings

You would typically use the basic MAC authentication group in the profiles of a basic profile 
group of a small-scale network. However, you can assign the basic MAC authentication 
group to any profile, whether in the basic profile group or in an advanced profile group.



Select Configuration > Security > Basic > MAC ACL. The basic MAC Authentication 
screen displays: