Country/Region

Under MAC authentication, different users are restricted from accessing different SSIDs based on user profiles.

2023-12-27 11:28:12 Published
  • 0 Followed
  • 0Collected ,2703Browsed
Pengqirui

Network Topology

Local MAC authentication, using the user-profile method to restrict access based on SSID, only allows the MAC address to access the service with SSID as mac1, and cannot access the service with SSID as mac2.

Configuration Steps

The configuration method is as follows:

local-user xxxxxxxxxxxx class network
password simple xxx
service-type lan-access
authorization-attribute user-profile mac1
authorization-attribute user-role network-operator
description Test2
 
user-profile mac1
wlan permit-ssid mac1
 
user-profile mac2
wlan permit-ssid mac2
 
domain local-mac
authorization-attribute idle-cut 15 1024
authentication lan-access local
authorization lan-access local
accounting lan-access none
 
wlan service-template mac1
ssid mac1
client-security authentication-mode mac
mac-authentication domain local-mac
service-template enable
 
wlan service-template mac2
ssid mac2
client-security authentication-mode mac
mac-authentication domain local-mac
service-template enable

Key Configuration

Connect mac 1:

%Nov 28 19:13:01:568 2023 AC STAMGR/6/STAMGR_MACA_LOGIN_SUCC: -Username=4490bb2bb976-UserMAC=4490-bb2b-b976-BSSID=3080-9b46-b322-SSID=mac1-APName=3080-9b46-b320-RadioID=1-VLANID=1-UsernameFormat=MAC address; A user passed MAC authentication and came online.

%Nov 28 19:13:01:587 2023 AC STAMGR/6/STAMGR_CLIENT_ONLINE: Client 4490-bb2b-b976 went online from BSS 3080-9b46-b322 vlan 1 with SSID mac1 on AP 3080-9b46-b320 Radio ID 1. State changed to Run.


[AC-wlan-st-mac1]dis wlan client mac-address 4490-bb2b-b976 verbose | in profile

 Authorization user profile: mac1

Connect mac 2:

%Nov 30 13:51:04:641 2023 AC STAMGR/6/STAMGR_MACA_LOGIN_SUCC: -Username=4490bb2bb976-UserMAC=4490-bb2b-b976-BSSID=3080-9b46-b321-SSID=mac2-APName=3080-9b46-b320-RadioID=1-VLANID=1-UsernameFormat=MAC address; A user passed MAC authentication and came online.

%Nov 30 13:51:04:643 2023 AC STAMGR/6/STAMGR_MACA_LOGOFF: -Username=4490bb2bb976-UserMAC=4490-bb2b-b976-BSSID=3080-9b46-b321-SSID=mac2-APName=3080-9b46-b320-RadioID=1-VLANID=1-UsernameFormat=MAC address; Session for a MAC authentication user was terminated.Reason:Received client failure message with reason code=2094.


[AC-probe]dis sys int wlan client history-record help reason-code 2094

Failed to process AccessCtrlChk. Configure permitted AP group or permitted SSID

Please rate this case:   
0 Comments

No Comments

Add Comments:

Copyright© 2025 H3C reserves all rights to the current version NO.1

The copyright of this icon belongs to H3C. It is only for the use of this community. Do not use it for commercial purposes. Anyone who violates this icon will be prosecuted