7.2.0

Configuring MAC Authentication

The following is the section of the running configuration for the FortiWLC controller that specifies the configuration for MAC authentication. The relevant settings are in bold.

To summarize, the SSID FortiWLC uses the security profile called MacAuth, with allowed L2 modes set to clear and macfiltering enabled. The MAC filter configuration has access-list deny enabled, which the FortiNAC appliance needs for dissociate purposes, and the access-list radius-server profile is qa245-MacAuth.

This RADIUS profile points to 192.168.5.245:1812 as the RADIUS server:port.

essid MERU
security-profile MacAuth
tunnel-type radius-only
vlan name ""
gre name ""
virtual-cell-type per-station-bssid
countermeasure
dataplane tunneled
ssid MERU
ap-discovery join-ess
ap-discovery join-virtual-ap
publish-essid
beacon dtim-period 1
beacon period 100
supported-tx-rates 802.11b 1
supported-tx-rates 802.11b 2
supported-tx-rates 802.11b 5.5
supported-tx-rates 802.11b 11
supported-tx-rates 802.11a 6
supported-tx-rates 802.11a 9
supported-tx-rates 802.11a 12
supported-tx-rates 802.11a 18
supported-tx-rates 802.11a 24
supported-tx-rates 802.11a 36
supported-tx-rates 802.11a 48
supported-tx-rates 802.11a 54
supported-tx-rates 802.11an 6
supported-tx-rates 802.11an 9
supported-tx-rates 802.11an 12
supported-tx-rates 802.11an 18
supported-tx-rates 802.11an 24
supported-tx-rates 802.11an 36
supported-tx-rates 802.11an 48
supported-tx-rates 802.11an 54
supported-tx-rates 802.11an-mcs 0
supported-tx-rates 802.11an-mcs 1
supported-tx-rates 802.11an-mcs 2
supported-tx-rates 802.11an-mcs 3
supported-tx-rates 802.11an-mcs 4
supported-tx-rates 802.11an-mcs 5
supported-tx-rates 802.11an-mcs 6
supported-tx-rates 802.11an-mcs 7
supported-tx-rates 802.11an-mcs 8
supported-tx-rates 802.11an-mcs 9
supported-tx-rates 802.11an-mcs 10
supported-tx-rates 802.11an-mcs 11
supported-tx-rates 802.11an-mcs 12
supported-tx-rates 802.11an-mcs 13
supported-tx-rates 802.11an-mcs 14
supported-tx-rates 802.11an-mcs 15
supported-tx-rates 802.11g 6
supported-tx-rates 802.11g 9
supported-tx-rates 802.11g 12
supported-tx-rates 802.11g 18
supported-tx-rates 802.11g 24
supported-tx-rates 802.11g 36
supported-tx-rates 802.11g 48
supported-tx-rates 802.11g 54
supported-tx-rates 802.11bg 1
supported-tx-rates 802.11bg 2
supported-tx-rates 802.11bg 5.5
supported-tx-rates 802.11bg 11
supported-tx-rates 802.11bg 6
supported-tx-rates 802.11bg 9
supported-tx-rates 802.11bg 12
supported-tx-rates 802.11bg 18
supported-tx-rates 802.11bg 24
supported-tx-rates 802.11bg 36
supported-tx-rates 802.11bg 48
supported-tx-rates 802.11bg 54
supported-tx-rates 802.11bgn 1
supported-tx-rates 802.11bgn 2
supported-tx-rates 802.11bgn 5.5
supported-tx-rates 802.11bgn 11
supported-tx-rates 802.11bgn 6
supported-tx-rates 802.11bgn 9
supported-tx-rates 802.11bgn 12
supported-tx-rates 802.11bgn 18
supported-tx-rates 802.11bgn 24
supported-tx-rates 802.11bgn 36
supported-tx-rates 802.11bgn 48
supported-tx-rates 802.11bgn 54
supported-tx-rates 802.11bgn-mcs 0
supported-tx-rates 802.11bgn-mcs 1
supported-tx-rates 802.11bgn-mcs 2
supported-tx-rates 802.11bgn-mcs 3
supported-tx-rates 802.11bgn-mcs 4
supported-tx-rates 802.11bgn-mcs 5
supported-tx-rates 802.11bgn-mcs 6
supported-tx-rates 802.11bgn-mcs 7
supported-tx-rates 802.11bgn-mcs 8
supported-tx-rates 802.11bgn-mcs 9
supported-tx-rates 802.11bgn-mcs 10
supported-tx-rates 802.11bgn-mcs 11
supported-tx-rates 802.11bgn-mcs 12
supported-tx-rates 802.11bgn-mcs 13
supported-tx-rates 802.11bgn-mcs 14
supported-tx-rates 802.11bgn-mcs 15
base-tx-rates 802.11b 11
base-tx-rates 802.11a 6
base-tx-rates 802.11a 12
base-tx-rates 802.11a 24
base-tx-rates 802.11an 6
base-tx-rates 802.11an 12
base-tx-rates 802.11an 24
base-tx-rates 802.11g 6
base-tx-rates 802.11g 9
base-tx-rates 802.11g 12
base-tx-rates 802.11g 18
base-tx-rates 802.11g 24
base-tx-rates 802.11g 36
base-tx-rates 802.11g 48
base-tx-rates 802.11g 54
base-tx-rates 802.11bg 11
base-tx-rates 802.11bgn 11
accounting interim-interval 3600
accounting primary-radius ""
accounting secondary-radius ""
no multicast-enable
no silent-client-enable
no wmm-support
ess-ap 1 1
calls-per-bss 0
exit
exit
security-profile MacAuth
key-rotation disabled
allowed-l2-modes clear
captive-portal disabled
captive-portal-passthru 0.0.0.0 0.0.0.0
psk key ""
firewall-capability none
firewall-filter-id ""
security-logging off
static-wep key ""
static-wep key-index 1
macfiltering
rekey period 0
group-rekey interval 0
radius-server primary ""
radius-server secondary ""
auth-supplicant-timeout 30
auth-server-timeout 30
auth-max-request 4
pae-max-reauth 4
pae-txperiod 30
no kddi
no captive-portal
no shared-authentication
no rekey period
no 8021x-network-initiation
no fast-handoff
no reauth
exit
access-list state deny
access-list radius-server primary qa245-MacAuth
radius-profile qa245-MacAuth
description ""
ip-address 192.168.5.245
key abc123
port 1812
mac-delimiter colon
password-type shared-secret
exit
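
The chain summarized above (essid to security profile to MAC filter to RADIUS profile) can be checked mechanically against an exported running configuration. The following is an added example, not Fortinet code: the parser assumes the flat, exit-terminated layout shown on this page, and the function names and the 16-character minimum for the shared secret are assumptions chosen for illustration.

```python
# Constructed excerpt of the configuration above (rate and timer lines omitted).
SAMPLE = """\
essid MERU
security-profile MacAuth
ess-ap 1 1
exit
exit
security-profile MacAuth
macfiltering
exit
access-list state deny
access-list radius-server primary qa245-MacAuth
radius-profile qa245-MacAuth
key abc123
exit
"""
TOP = ("essid", "security-profile", "radius-profile")
MIN_SECRET_LEN = 16  # assumed local policy, not a FortiWLC default

def parse(text):
    """Split the flat config into named blocks plus top-level lines."""
    blocks, top, cur, depth = {}, [], None, 0
    for line in filter(None, map(str.strip, text.splitlines())):
        kind, _, name = line.partition(" ")
        if depth == 0 and kind in TOP:
            cur, depth = blocks.setdefault((kind, name), []), 1
        elif depth == 0:
            top.append(line)
        elif line == "exit":
            depth -= 1
        else:
            cur.append(line)
            depth += kind == "ess-ap"  # nested sub-block has its own exit
    return blocks, top

def val(lines, key):  # argument of the first line that is `key` or starts with it, else None
    return next((l[len(key):].strip() for l in lines if (l + " ").startswith(key + " ")), None)

def audit(text):  # returns a list of findings; empty means the chain is intact
    (blocks, top), out = parse(text), []
    for (kind, name), body in blocks.items():
        sp = blocks.get(("security-profile", val(body, "security-profile")))
        if kind == "essid" and (sp is None or val(sp, "macfiltering") is None):
            out.append(f"essid {name}: security profile missing or macfiltering off")
    if val(top, "access-list state") != "deny":
        out.append("access-list state is not deny")
    rp = blocks.get(("radius-profile", val(top, "access-list radius-server primary")), [])
    if len(val(rp, "key") or "") < MIN_SECRET_LEN:
        out.append(f"RADIUS profile missing or shared secret under {MIN_SECRET_LEN} chars")
    return out
```

Run against the sample, the only finding is the short shared secret: the documentation value abc123 should be replaced with a long random secret in production.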
