Wireless/Redundant Edge Services xl Module Management and Configuration Guide WS.01.03 or greater

Wireless Network Management
MAC Authentication (Filters)
The Wireless Edge Services xl Module can control which wireless stations
connect to a WLAN according to their MAC, or hardware-based, addresses.
The module filters stations denied by access control lists (ACLs) before they
authenticate and associate with the WLAN.
MAC authentication can act by itself or in conjunction with another form of
authentication. For example, you could configure ACLs for MAC authentication
and apply them to a WLAN; you could also enable Web authentication on
that WLAN. When a station attempts to connect to the WLAN, the module first
checks the station’s MAC address. If the ACLs allow the station, the module
lets it proceed to associate to the WLAN and complete the Web authentication.
MAC authentication is particularly important with Web authentication
because without it, stations can actually connect to the WLAN before they
authenticate.
The module supports up to 1000 ACLs, each of which can specify a range of
MAC addresses.
To configure MAC authentication, complete these steps:
1. Configure one or more filters, or ACLs.
2. Configure WLAN memberships for each ACL.
Configuring ACLs (Filters)
When configuring ACLs on the module, keep these rules in mind:
1. ACLs are ordered by index number.
2. The module processes ACLs that are applied to a WLAN starting with the
ACL that has the lowest index number. The module stops processing the
ACLs as soon as it finds a match for the station’s MAC address.
3. The module supports two types of ACLs:
   - Allow ACLs—If the module matches a station to this ACL, it permits
     traffic from the station.
   - Deny ACLs—If the module matches a station to this ACL, it blocks all
     traffic from it, and the station cannot associate to the WLAN.
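The rules above, modeled as an added example that is not taken from the guide or the module's software: a first-match evaluator over indexed MAC-range ACLs with WLAN memberships. The names `MacAcl`, `evaluate`, and `decision`, the WLAN numbers, and the sample addresses are constructed for illustration, and a station that matches no ACL yields `None` because this section does not state the default.

```python
import string
from dataclasses import dataclass
from typing import Optional

def mac_to_int(mac: str) -> int:
    """Parse a MAC written with ':' or '-' separators into a 48-bit integer."""
    digits = mac.replace(":", "").replace("-", "")
    if len(digits) != 12 or not all(c in string.hexdigits for c in digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

@dataclass(frozen=True)
class MacAcl:
    index: int         # processing order: lowest index is checked first
    start: str         # first MAC address in the range
    end: str           # last MAC address in the range (inclusive)
    action: str        # "allow" or "deny"
    wlans: frozenset   # WLAN memberships (hypothetical WLAN numbers)

    def matches(self, mac: str) -> bool:
        return mac_to_int(self.start) <= mac_to_int(mac) <= mac_to_int(self.end)

def evaluate(acls, wlan: int, mac: str) -> Optional[MacAcl]:
    """Return the first ACL applied to `wlan` that matches `mac`, else None."""
    for acl in sorted(acls, key=lambda a: a.index):
        if wlan in acl.wlans and acl.matches(mac):
            return acl  # processing stops at the first match
    return None  # no match; the default is not covered in this section

def decision(acls, wlan: int, mac: str):
    """Summarize the outcome as (index, action), or None when nothing matched."""
    hit = evaluate(acls, wlan, mac)
    return (hit.index, hit.action) if hit else None

# Constructed policy: deny one station, allow the rest of its address block.
ACLS = [
    MacAcl(10, "00:11:22:33:44:55", "00:11:22:33:44:55", "deny", frozenset({1})),
    MacAcl(20, "00:11:22:00:00:00", "00:11:22:FF:FF:FF", "allow", frozenset({1, 2})),
]

# The same policy with the broad allow given the lower index: the deny for
# the single station is shadowed and never reached.
SHADOWED = [
    MacAcl(5, "00:11:22:00:00:00", "00:11:22:FF:FF:FF", "allow", frozenset({1, 2})),
    MacAcl(10, "00:11:22:33:44:55", "00:11:22:33:44:55", "deny", frozenset({1})),
]

if __name__ == "__main__":
    for name, acls in (("ACLS", ACLS), ("SHADOWED", SHADOWED)):
        print(name, decision(acls, 1, "00:11:22:33:44:55"))
```

Running a planned ACL set through a model like this before applying it shows whether a narrow deny sits behind a broader allow with a lower index, and whether an ACL is missing a membership for a WLAN it was meant to cover.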