Only role profiles you have defined are listed here. To configure RADIUS MAC Authentication, select an action to take if the client authorization fails: Disconnect or Stay connected and select a Role from the drop-down list. The MAC addresses defined on your RADIUS server must all be in lower case format.
The RADIUS server then sends a Change of Authorization (CoA) message that contains the post-authentication role profile for the client. When the user authenticates successfully, the RADIUS server registers the client MAC address for this user. You can enable the use of pre-authentication and post-authentication role profiles so that the pre-authentication role redirects the client to a web authentication portal hosted on the RADIUS server after MAC authentication fails. 
Disconnect the client device because it is not authorized. You can also redirect the user to web site or portal that provides information about why access was denied or displays instructions for self-registration. This role can assign the client to a specific VLAN ID or have other restrictions based on the role configuration. You can optionally assign a role to the client from your defined role profiles. Connect the client even though it not authorized. If the MAC authentication fails, you can configure the AP to take one of these actions:. If the MAC authentication is successful, the client device is allowed to access the wireless network. After the user successfully associates to the SSID, the AP authenticates the MAC address of the connecting client with a RADIUS server. For example, the user can associate using WPA2 with PSK. User authentication is initiated based on the security settings configured for the SSID. For more information, see Role-Based Access Control for RADIUS MAC Authentication. After the user successfully authenticates, the RADIUS server can use Change of Authorization (CoA) to assign a post-authenticaton role to the client. For example, you can assign a pre-authentication role that redirects a client to a portal for authentication to the RADIUS server. 
You can also configure RADIUS MAC authentication to assign roles to clients that fail MAC authentication (to restrict access or redirect the client), or you can assign roles both pre-authentication and post-authentication. You can use RADIUS MAC Authentication to allow only authorized devices to connect to your wireless network. When you enable secondary authorization on your network, a wireless user first authenticates on the wireless network, and then the device used to connect to the network is authenticated to determine whether it is an authorized device.
0 kommentar(er)
