Ignoring MAC authentication result
This feature enables the device to ignore the MAC authentication result and allow authentication-failed users to come online.
Apply this feature to an authentication scenario where both RADIUS-based MAC authentication and portal authentication are required.
Typically, a WLAN client must pass MAC authentication and portal authentication in turn to access network resources. The client provides username and password each time portal authentication is performed.
This feature simplifies the authentication process for a client as follows:
If the RADIUS server already records the client's MAC authentication information, the client passes MAC authentication. The device allows the client to access network resources without performing portal authentication.
If the RADIUS server does not record the client's MAC authentication information, the client fails MAC authentication. The device ignores the MAC authentication result and performs portal authentication for the client. If the client passes portal authentication, it can access network resources. The MAC address of the portal authenticated client will be recorded as MAC authentication information on the RADIUS server. At the next authentication attempt, the client will pass MAC authentication and access network resources without performing portal authentication.
To configure the device to ignore MAC authentication result:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter service template view. | wlan service-template service-template-name | N/A |
3. Configure the device to ignore MAC authentication result. | client-security ignore-authentication | By default, MAC authentication result applies. |