AAA Server MAC Authentication with dynamic vlan


Network Topology

VLAN 332 is the AP online VLAN.

VLAN 333 is the default VLAN.

VLAN 334 is the dynamic (authorization) VLAN.

The AC acts as the DHCP server.

The iMC IP address is 172.16.1.70.

Configuration Steps

 

1.      Configure the basic settings on the AC

 

[AC] vlan 332

[AC] interface vlan-interface 332

[AC-Vlan-interface332] ip address 192.168.100.1 255.255.255.0

 

[AC] vlan 333

[AC] interface vlan-interface 333

[AC-Vlan-interface333] ip address 192.168.101.1 255.255.255.0

 

[AC] vlan 334

[AC] interface vlan-interface 334

[AC-Vlan-interface334] ip address 192.168.102.1 255.255.255.0

 

[AC] interface gigabitethernet1/0/1

[AC-GigabitEthernet1/0/1] port link-type trunk

[AC-GigabitEthernet1/0/1] undo port trunk permit vlan 1

[AC-GigabitEthernet1/0/1] port trunk permit vlan 332 333 334

 

[AC] ip route-static 172.16.1.0 255.255.255.0 192.168.100.2

2.      Configure the RADIUS settings

 

[AC] radius scheme iMC

 

# Set the IP address of the RADIUS server (iMC) to 172.16.1.70

[AC-radius-iMC] primary authentication 172.16.1.70

[AC-radius-iMC] primary accounting 172.16.1.70



# Set the RADIUS shared key to 123456789 (it must match the shared key configured for the AC on iMC)

[AC-radius-iMC] key authentication simple 123456789

[AC-radius-iMC] key accounting simple 123456789



# Send the authentication account name to the server without the domain name

[AC-radius-iMC] user-name-format without-domain



# Create an ISP domain

[AC] domain iMC1

[AC-isp-iMC1] authentication lan-access radius-scheme iMC

[AC-isp-iMC1] authorization lan-access radius-scheme iMC

[AC-isp-iMC1] accounting lan-access radius-scheme iMC

# Use the MAC address as both the account name and the password; without-hyphen means abcabcabc instead of abc-abc-abc

[AC] mac-authentication user-name-format mac-address without-hyphen lowercase

 

3.      Configure the wireless service template

 

[AC] wlan service-template 1

[AC-wlan-st-1] ssid service

[AC-wlan-st-1] vlan 333

[AC-wlan-st-1] client forwarding-location ac

[AC-wlan-st-1] client-security authentication-mode mac

[AC-wlan-st-1] mac-authentication domain iMC1

 

[AC-wlan-st-1] akm mode psk

[AC-wlan-st-1] preshared-key pass-phrase simple 123456789

[AC-wlan-st-1] cipher-suite ccmp

[AC-wlan-st-1] security-ie rsn

[AC-wlan-st-1] service-template enable

 

4.      Configure the wireless AP

[AC] wlan ap officeap model WA6320

[AC-wlan-ap-officeap] serial-id 219801A28N819CE0002T

[AC-wlan-ap-officeap] quit

 

[AC] wlan ap-group group1

[AC-wlan-ap-group-group1] ap officeap

[AC-wlan-ap-group-group1] ap-model WA6320

[AC-wlan-ap-group-group1-ap-model-WA6320] radio 2

[AC-wlan-ap-group-group1-ap-model-WA6320-radio-2] service-template 1

[AC-wlan-ap-group-group1-ap-model-WA6320-radio-2] radio enable

 

5.      iMC configuration

Add the AC as a network device to iMC.

Add a new device.

Add an authorization policy.

Add a new one like this.

Add a new Access Service.

Add this service with the policy.

Add a user.

Create a user; the account name and password must both be the MAC address.

Then you can try to connect to the SSID.




Key Configuration

The random MAC function must be disabled on the client side (phone or PC), because the account on iMC is the client's MAC address.

No specific configuration is needed on the AC to use the authorization VLAN.
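
The account names that step 5 expects can be prepared offline. The following Python script is an added example, not part of the original case or of any H3C/iMC tooling: it converts MAC addresses recorded in different notations to the without-hyphen lowercase form the AC sends, and rejects malformed, duplicate and locally administered (typically randomized) addresses. The inventory and all function names are constructed for illustration.

```python
import re

# Constructed sample inventory (not from the original case): (device label, MAC as recorded).
INVENTORY = [
    ("laptop-01", "3C-52-82-1A-2B-3C"),
    ("phone-07", "DA:A1:19:00:11:22"),   # locally administered bit set
    ("printer-02", "3c52.821a.2b3d"),
    ("scanner-03", "3c:52:82:1a:2b"),    # one octet short
    ("laptop-01b", "3c52821a2b3c"),      # same MAC as laptop-01
]

def to_account_name(mac):
    """Return the MAC as 12 lowercase hex digits without separators, the form
    produced by 'user-name-format mac-address without-hyphen lowercase'."""
    digits = re.sub(r"[-:.\s]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits.lower()

def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set. Client-generated random
    (private) MACs carry this bit, so such an address is not the burned-in one."""
    return bool(int(to_account_name(mac)[:2], 16) & 0x02)

def build_accounts(inventory):
    """Split the inventory into accounts to create and entries to reject."""
    accounts, rejected, seen = [], [], set()
    for label, mac in inventory:
        try:
            name = to_account_name(mac)
        except ValueError as exc:
            rejected.append((label, str(exc)))
            continue
        if is_locally_administered(name):
            rejected.append((label, "locally administered (likely randomized) MAC"))
        elif name in seen:
            rejected.append((label, "duplicate MAC"))
        else:
            seen.add(name)
            # Account name and password are both the MAC, as the case requires.
            accounts.append({"device": label, "account": name, "password": name})
    return accounts, rejected

if __name__ == "__main__":
    ok, bad = build_accounts(INVENTORY)
    for acct in ok:
        print("create", acct["account"], "for", acct["device"])
    for label, reason in bad:
        print("reject", label, "-", reason)
```
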
