cancel
Showing results for 
Search instead for 
Did you mean: 

Good MAC Auth Radius solution?

Here to help

Good MAC Auth Radius solution?

Hi

 

We have lots of MR42's and would like to control access to WIFI by using WPA2 & MAC based authentication(non meraki). 

 

We have 1000 staff + a lot of customer devices. These devices constantly change and some don't belong to the organisation. To minimize support overhead and interruption/setup time for customers we would like to just take their MAC add and Whitelist it on a radius solution. MS Radius/MAC is not a great solution you need to create ad accounts constantly it's a pain..

 

Has anyone any experience of achieving this, or can suggest a good radius solution?

 

 

8 REPLIES 8
A model citizen

Re: Good MAC Auth Radius solution?

Hi,

For a basic level of "users on boarding process" Meraki Radius seems to be fine.

Any how you need to manually type in the MAC Address in either of the solutions.

 

In-case of Meraki you can specify the desired policy on the device while adding them on to the Dashboard.

Screenshot attached for reference.

 

Add Clients.PNG

 

For a better functionality you may consider Cisco ISE.

Cheers
Ajit
ajitsnw@gmail.com
Here to help

Re: Good MAC Auth Radius solution?

Hi,

 

Thanks for the reply. I should have stated more clearly, we won't use Meraki MAC authentication, the reason being it doesn't work for us, it breaks constantly and support can't figure it out. I have a post for this too - https://community.meraki.com/t5/Wireless-LAN/WIFI-MAC-Whitelisting-breaks/m-p/35589#M5627

 

I was hoping someone could suggest a good radius solution(IE not MS or Meraki)

A model citizen

Re: Good MAC Auth Radius solution?

Hi,

I have not faced  "Whitelisting Policy" not working with Meraki Wireless.

I did faced Group Policy issues in Meraki Wireless + Appliance network which was shorted out later.

 

I never got an opportunity to Manage 1000+ WiFi user base though.

If not ISE / MS you may consider FreeRadius / MikroTik.

 

You may start with http://www.freeradius.net/. Install it on a Windows Machine and check if a Radius solves the issue.

However Lets wait for some more suggestion from Community Members.

 

 

Cheers
Ajit
ajitsnw@gmail.com
Kind of a big deal

Re: Good MAC Auth Radius solution?

There's a number of Identify solutions that can do this. Aruba ClearPass, FreeRadius, Cisco ISE. Me personally, I've used ClearPass in a former life and was always happy with it. I have a basic FreeRadius server in my lab that does the trick, but I'm not doing anything fancy on that. 

Here to help

Re: Good MAC Auth Radius solution?

Thanks for the reply @jdsilva 

I'm hoping to find a solution that will be easy for our Helpdesk to administer. I'm hoping that they can just take a MAC from a customer and pop it in a test file or GUI to authenticate the end users device. Do you know which solution might fit this use best?

 

I am setting up free radius now to see how works.

 

Thanks!

Highlighted
Kind of a big deal

Re: Good MAC Auth Radius solution?

There's a couple GUI frontends for FreeRadius, but I have on experience using any of them. Maybe one of them would suit your needs? Otherwise, you're going to have to build your town Help Desk tool for this.

Kind of a big deal

Re: Good MAC Auth Radius solution?

If you don't mind using the command line, it is hard to go past FreeRadius for this requirement.  Otherwise I'd go for Cisco ISE.

Meraki Employee

Re: Good MAC Auth Radius solution?

I'll second FreeRadius and ISE although ISE is probably way more than you need for this.  Might be moot point, but when adding MAC addresses using the Add Client drop-down, I believe you can populate up to 3,000 clients at a time, assuming you have them in a spreadsheet for example.  But agree with the others it's cumbersome to manage tons of constantly-changing MAC addresses regardless of the solution!

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Points Contest
Join us for a month-long contest with heaps of swag to win!

Learn More ›