cancel
Showing results for 
Search instead for 
Did you mean: 

SBR 6.1 How to control access based on MAC

Highlighted
Not applicable

SBR 6.1 How to control access based on MAC

We are using SBR 6/1 and currently using EAP-PEAP with a certificate. I'm trying to lock down access even further by doing one of two things:

1) Limit access to only the enterprise's brands MAC address. I think Ican do this in a profile with a Check List, but am not sure what parameters I would need to add. And can I even specify that clients must meet the requirement of the first part of a MAC? 0011:ffff:* for example.

2) Can I make it where the radius certificate has to be preloaded on the machine, so clients connecting with mobile phones dont get a prompt to download the certificate?

1 REPLY 1
Highlighted
Frequent Contributor

Re: SBR 6.1 How to control access based on MAC

Hello, yes, you can limit the allowed user based on MAC address. The radius attribute of 'calling-station-id'.

However, since you are using EAP-PEAP, you will need to create a request filter to move the 'calling-station-id' inside of the PEAP tunnel. If you do not do this, you will not be able to filter the MAC address. You have to ALLOW the 'calling-station-id' attribute as part of the filter.

Hope that helps

Craig