Good MAC Auth Radius solution?

Kegan
Here to help

Good MAC Auth Radius solution?

Hi

 

We have lots of MR42's and would like to control access to WIFI by using WPA2 & MAC based authentication(non meraki). 

 

We have 1000 staff + a lot of customer devices. These devices constantly change and some don't belong to the organisation. To minimize support overhead and interruption/setup time for customers we would like to just take their MAC add and Whitelist it on a radius solution. MS Radius/MAC is not a great solution you need to create ad accounts constantly it's a pain..

 

Has anyone any experience of achieving this, or can suggest a good radius solution?

 

 

8 Replies 8
AjitKumar
Head in the Cloud

Hi,

For a basic level of "users on boarding process" Meraki Radius seems to be fine.

Any how you need to manually type in the MAC Address in either of the solutions.

 

In-case of Meraki you can specify the desired policy on the device while adding them on to the Dashboard.

Screenshot attached for reference.

 

Add Clients.PNG

 

For a better functionality you may consider Cisco ISE.

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
Kegan
Here to help

Hi,

 

Thanks for the reply. I should have stated more clearly, we won't use Meraki MAC authentication, the reason being it doesn't work for us, it breaks constantly and support can't figure it out. I have a post for this too - https://community.meraki.com/t5/Wireless-LAN/WIFI-MAC-Whitelisting-breaks/m-p/35589#M5627

 

I was hoping someone could suggest a good radius solution(IE not MS or Meraki)

AjitKumar
Head in the Cloud

Hi,

I have not faced  "Whitelisting Policy" not working with Meraki Wireless.

I did faced Group Policy issues in Meraki Wireless + Appliance network which was shorted out later.

 

I never got an opportunity to Manage 1000+ WiFi user base though.

If not ISE / MS you may consider FreeRadius / MikroTik.

 

You may start with http://www.freeradius.net/. Install it on a Windows Machine and check if a Radius solves the issue.

However Lets wait for some more suggestion from Community Members.

 

 

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
jdsilva
Kind of a big deal

There's a number of Identify solutions that can do this. Aruba ClearPass, FreeRadius, Cisco ISE. Me personally, I've used ClearPass in a former life and was always happy with it. I have a basic FreeRadius server in my lab that does the trick, but I'm not doing anything fancy on that. 

Kegan
Here to help

Thanks for the reply @jdsilva 

I'm hoping to find a solution that will be easy for our Helpdesk to administer. I'm hoping that they can just take a MAC from a customer and pop it in a test file or GUI to authenticate the end users device. Do you know which solution might fit this use best?

 

I am setting up free radius now to see how works.

 

Thanks!

jdsilva
Kind of a big deal

There's a couple GUI frontends for FreeRadius, but I have on experience using any of them. Maybe one of them would suit your needs? Otherwise, you're going to have to build your town Help Desk tool for this.

PhilipDAth
Kind of a big deal
Kind of a big deal

If you don't mind using the command line, it is hard to go past FreeRadius for this requirement.  Otherwise I'd go for Cisco ISE.

MerakiDave
Meraki Employee
Meraki Employee

I'll second FreeRadius and ISE although ISE is probably way more than you need for this.  Might be moot point, but when adding MAC addresses using the Add Client drop-down, I believe you can populate up to 3,000 clients at a time, assuming you have them in a spreadsheet for example.  But agree with the others it's cumbersome to manage tons of constantly-changing MAC addresses regardless of the solution!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels