Enabling RADIUS Access via MAC Addresses

Sometimes, you will need to allow wired devices (like VOIP phones) access to your network without user authentication. Or, maybe you'd like to authorize wireless printers to a network by their MAC address (note, the SSID in this case must be set to "MAC-based access control" mode).

Foxpass allows you to allow devices on your network by matching their MAC address prefix. You can also set RADIUS attributes for different device types.

1. Get a list of MAC addresses

First, get a list of MAC addresses for your different devices. Figure out if you can group different device types using a common set of prefixes. Otherwise, you can just compile a list of full MAC addresses.

2. Create a MAC Entry

Create a MAC Entry on the MAC Entries page. Make a separate entry for each device type and enter in the corresponding MAC addresses and prefixes for the device.

3. Enter in the prefixes

Add prefixes to the entry as needed. You can use colons, periods, or dashes to separate characters if desired, but we format the prefixes with colon separators when saving it into our database. Remember, prefixes will match longest first. For example:

1671

MAC Entries

If a device with the MAC address that begins with "11:aa" tries to connect, it would match with the "VOIP Phones" entry. If a device with the MAC address "11:xx:xx:xx" tries to connect, it would match with the "Apple TV" entry.


4. Enable MAC authentication on the RADIUS settings page.

Go to the RADIUS Settings page. For your radius client, click on the Advanced options button.


Click on the Advanced options button

Click on the Advanced options button

Select MAC authentication checkbox and click 'Save' if you want to authenticate devices by using its MAC address as both the username and password, or select MAC authentication checkbox and enter the password in the textbox, click 'Save' if you want the MAC address as the username and password matches the password entered in the textbox.

MAC address as both username and password

MAC address as both username and password

MAC address as the username and password in the textbox as the password for authentication

MAC address as the username and password in the textbox as the password for authentication

5. Optional: Add MAC entries to RADIUS attributes

You can also have RADIUS attributes return different values for different MAC entries. See the Enabling RADIUS Attributes page for more information.