Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

Example: Configuring a Virtual Access Point for WPA Enterprise and MAC Filtering

This example shows how to configure a virtual access point for WPA enterprise and MAC filtering.

Requirements

Before you begin, specify the MAC address of the access point being configured. See AX411 Access Point Configuration Overview.

Overview

In this example, you configure virtual-access-point 2 on radio 1 for access point ap-1. You specify SSID as employee-only and VLAN ID as 217. You then define security as wpa-enterprise , WPA version as v2, chiper suites as both (TKIP and CCMP), RADIUS server IP address as 192.211.1.254, and RADIUS shared secret as sandia#978. You specify MAC authentication type as local. Finally, you specify MAC filtering for denied MAC addresses 00:08:C7:1B:8C:02 and 00:23:45:67:89:ab.

Configuration

CLI Quick Configuration

To quickly configure a virtual access point for WAP enterprise and MAC filtering, copy the following commands and paste them into the CLI:

[edit]set wlan access-point ap-1 radio 1 virtual-access-point 2 ssid employee-only vlan 217 security wpa-enterprise wpa-version v2set wlan access-point ap-1 radio 1 virtual-access-point 2 security wpa-enterprise cipher-suites both set wlan access-point ap-1 radio 1 virtual-access-point 2 security wpa-enterprise pre-authenticate radius-server 192.211.1.254 radius-key sandia#978 set wlan access-point ap-1 radio 1 virtual-access-point 2 security mac-authentication-type localset wlan access-point ap-1 access-point-options station-mac-filter deny-list mac-address [00:08:C7:1B:8C:02 00:23:45:67:89:ab]

GUI Step-by-Step Procedure

To configure a virtual access point for WPA enterprise and MAC filtering:

  1. Select Configure>Wireless LAN>Settings.
  2. Under AP Name, select ap-1.
  3. Under Radio ID, select radio 1, then click Edit.
  4. In the Edit - Radio window, select the Radio tab.
  5. Next to Virtual Access Points, click Add.
  6. In the Add - Virtual Access Point window, select the Basic Settings tab.
  7. Next to VAP ID, select 2.
  8. Next to SSID, enter employee-only.
  9. Next to VLAN ID, enter 217.
  10. Clear HTTP Redirect.
  11. Select the Security tab.
  12. Next to MAC authentication type, select Local.
  13. Next to Security, select WPA Enterprise.
  14. Next to WPA Version, select v2.
  15. Next to Cipher suites, select both.
  16. Select Pre authenticate.
  17. Next to Radius server, enter 192.211.1.254.
  18. Next to Radius key, enter sandia#978.
  19. Click OK to return to the Edit - Radio window.
  20. Click OK to return to the Wlan Settings page.
  21. Under AP Name, select ap-1.
  22. In the Edit - Access Point window, select the MAC Filtering tab.
  23. Click Add.
  24. In the Add MAC Filter window, enter 00:08:C7:1B:8C:02, and click OK.
  25. Click Add.
  26. In the Add MAC Filter window, enter 00:23:45:67:89:ab, and click OK.
  27. For Action, select deny.
  28. Click OK.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure a virtual access point for WPA enterprise and MAC filtering:

  1. Configure the WLAN access point.
    [edit]user@host# edit wlan access-point ap-1
  2. Configure a virtual access point.
    [edit wlan access-point ap-1]user@host# edit radio 1 virtual-access-point 2
  3. Specify SSID and VLAN ID.
    [edit wlan access-point ap-1 radio 1 virtual-access-point 2]user@host# set ssid employee-only vlan 217
  4. Configure security.
    [edit wlan access-point ap-1 radio 1 virtual-access-point 2]user@host# edit security wpa-enterprise
  5. Define WPA version, cipher suites, pre authentication, radius server IP address, and RADIUS shared secret key.
    [edit wlan access-point ap-1 radio 1 virtual-access-point 2 security wpa-enterprise]user@host# set wpa-version v2user@host# set cipher-suites bothuser@host# set pre-authenticate radius-server 192.211.1.254 radius-key sandia#978
  6. Specify MAC authentication type.
    [edit wlan access-point ap-1 radio 1 virtual-access-point 2]user@host# set security mac-authentication-type local
  7. Set MAC filtering for denied MAC addresses.
    [edit wlan access-point ap-1]user@host# set access-point-options station-mac-filter deny-list mac-address [00:08:C7:1B:8C:02 00:23:45:67:89:ab]

Results

From configuration mode, confirm your configuration by entering the show wlan access-point ap-1 command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

[edit]user@host# show wlan access-point ap-1
access-point-options {station-mac-filter {deny-list {mac-address [ 00:08:C7:1B:8C:02 00:23:45:67:89:ab ];}}}radio 1 {virtual-access-point 2 {ssid employee-only;vlan 217;security {mac-authentication-type local;wpa-enterprise {wpa-version {v2;}cipher-suites {both;}pre-authenticate;radius-server 192.211.1.254;radius-key "$ABC123"; ## SECRET-DATA}}}}

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying Virtual Access Point for WPA Enterprise and MAC Filtering

Purpose

Verify that the virtual access point for WPA enterprise and MAC filtering is configured properly.

Action

From configuration mode, enter the show wlan access-point ap-1 command.

 

Related Documentation

 

Modified: 2016-06-24

Previous Page Next Page