Cisco Aironet Access Points

You can set up the access point to authenticate client devices using a combination of MAC-based and EAP authentication (see the SSID Manager window). When you enable this feature, client devices that associate to the access point using 802.11 open authentication first attempt MAC authentication. If MAC authentication succeeds, the client device joins the network. If the client is also using EAP authentication, it attempts to authenticate using EAP. If MAC authentication fails, the access point waits for the client device to attempt EAP authentication.

If you want the authentication to be stored on the access point, choose Local List Only and enter MAC addresses. If you want the authentication to be stored on the server, choose the Authentication Server Only option. Choose Authentication Server if not found in Local List if you want to try MAC authentication list first and then automatically try the Authentication server list. If the authentication succeeds, the client joins the network.

You are required to select at least one MAC Authentication on the Server Manager window if you select either Authentication Server Only or Authentication Server if not found in Local List.

The MAC addresses appear in the Local List. The MAC addresses remain in the management system until you remove them. To remove the MAC address from the list, select it and click Delete.

If you need to enter a new MAC address, type the address with periods separating the three groups of four characters (0040.9612.3456, for example). Note: To make sure the filter operates properly, use lower case for all the letters in the MAC addresses that you enter.) Then click Apply to put the MAC address in the management system. You must also enable MAC address authentication on the SSID Manager window. You can navigate to the Association page to verify that the preconfigured clients were associated and authenticated.