Motorola AP-6511 Reference Manual page 144

Motorola Solutions AP-6511 Access Point System Reference Guide
user credentials. MAC authentication is somewhat poor as a standalone data protection technique, as MAC
addresses can be easily spoofed by hackers who can provide a device MAC address to mimic a trusted device
within the wireless controller managed network.
MAC authentication is enabled per WLAN profile, augmented with the use of a RADIUS server to
authenticate each device. A device's MAC address can be authenticated against the local RADIUS server
built into the device or centrally (from a datacenter). For RADIUS server compatibility, the format of the MAC
address can be forwarded to the RADIUS server in non-delimited and or delimited formats:
To configure MAC on a WLAN:
1. Select
WLANs available.
2. Select the
the security properties of an existing WLAN.
3. Select Security.
4. Select
Selecting MAC enables the radio buttons for each encryption option as an additional measure of security
for the WLAN.
5. Either select an existing AAA Policy from the drop-down menu or select the
the AAA Policy parameter to display a screen where new AAA policies can be created. A default AAA
policy is also available if configuring a WLAN for the first time and there's no existing policies. Select the
Edit
Authentication, authorization, and accounting (AAA) is a framework for intelligently controlling access to
the wireless client managed network, enforcing user authorization policies and auditing and tracking
usage. These combined processes are central for securing wireless client resources and wireless
network data flows. For information on defining a new AAA policy, see
6. Select the
spinner control set the number of minutes (between 30 - 86,400) that, once exceeded, forces the EAP
supported client to reauthenticate to use the resources supported by the WLAN.
7. Select
back to the last saved configuration.
MAC Authentication Deployment Considerations

MAC Authentication
Before defining a MAC authentication configuration on a WLAN, refer to the following deployment
guidelines to ensure the configuration is optimally effective:
• MAC authentication can only be used to identify end-user devices, not the users themselves.
• MAC authentication is somewhat poor as a standalone data protection technique, as MAC addresses can
be easily spoofed by hackers who can provision a MAC address on their device to mimic a trusted device.
6-10
Configuration > Wireless
Add button to create an additional WLAN, or select and existing WLAN and
MAC as the Authentication Type.
icon to modify the configuration of a selected AAA policy.
Reauthentication radio button to force MAC supported clients to reauthenticate. Use the
OK when completed to update the WLAN's MAC configuration. Select
> Wireless LAN Policy to display a high-level display of the existing
Edit to modify
Create icon to the right of
AAA Policy on page 6-50.
Reset to revert the screen