本地mac认证,采用user-profile的方式做基于SSID的接入限制,只允许该mac地址接入ssid为mac1的服务,不能接入到ssid为mac2的服务
local-user xxxxxxxxxxxx class network
password simple xxx
service-type lan-access
authorization-attribute user-profile mac1
authorization-attribute user-role network-operator
description Test2
user-profile mac1
wlan permit-ssid mac1
user-profile mac2
wlan permit-ssid mac2
domain local-mac
authorization-attribute idle-cut 15 1024
authentication lan-access local
authorization lan-access local
accounting lan-access none
wlan service-template mac1
ssid mac1
client-security authentication-mode mac
mac-authentication domain local-mac
service-template enable
wlan service-template mac2
ssid mac2
client-security authentication-mode mac
mac-authentication domain local-mac
service-template enable
连接mac1
%Nov 28 19:13:01:568 2023 AC STAMGR/6/STAMGR_MACA_LOGIN_SUCC: -Username=4490bb2bb976-UserMAC=4490-bb2b-b976-BSSID=3080-9b46-b322-SSID=mac1-APName=3080-9b46-b320-RadioID=1-VLANID=1-UsernameFormat=MAC address; A user passed MAC authentication and came online.
%Nov 28 19:13:01:587 2023 AC STAMGR/6/STAMGR_CLIENT_ONLINE: Client 4490-bb2b-b976 went online from BSS 3080-9b46-b322 vlan 1 with SSID mac1 on AP 3080-9b46-b320 Radio ID 1. State changed to Run.
[AC-wlan-st-mac1]dis wlan client mac-address 4490-bb2b-b976 verbose | in profile
Authorization user profile : mac1
连接mac2
%Nov 30 13:51:04:641 2023 AC STAMGR/6/STAMGR_MACA_LOGIN_SUCC: -Username=4490bb2bb976-UserMAC=4490-bb2b-b976-BSSID=3080-9b46-b321-SSID=mac2-APName=3080-9b46-b320-RadioID=1-VLANID=1-UsernameFormat=MAC address; A user passed MAC authentication and came online.
%Nov 30 13:51:04:643 2023 AC STAMGR/6/STAMGR_MACA_LOGOFF: -Username=4490bb2bb976-UserMAC=4490-bb2b-b976-BSSID=3080-9b46-b321-SSID=mac2-APName=3080-9b46-b320-RadioID=1-VLANID=1-UsernameFormat=MAC address; Session for a MAC authentication user was terminated.Reason:Received client failure message with reason code=2094.
[AC-probe]dis sys int wlan client history-record help reason-code 2094
Failed to process AccessCtrlChk. Configure permitted AP group or permitted SSID
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作