This document describes how to set up WLAN access restrictions on a LANCOM WLAN router or access point where the MAC addresses of the authorized WLAN clients are entered into a RADIUS server.
This configuration example uses the internal RADIUS server on the LANCOM WLAN router or access point. An external RADIUS server can be used as an alternative.
1) Open the configuration of the LANCOM router or access point with LANconfig.
2) Switch to the menu item Configuration -> Wireless LAN-> Stations. Here you activate the option Transfer data from the listed stations...
3) In the section Authentication via RADIUS, enter the IP address of the RADIUS server and the server port 1,812.
This example uses the
internal RADIUS server of the LANCOM router or access point , therefore the
IP address of the localhost is entered, 127.0.0.1 . If you are using an
external RADIUS server , you must enter the
local IP address of the external server .
If you want the
shared secret to be used as the password for
user accounts of authorized WLAN clients (see step 8), you can configure this here.
Using the shared secret as the password is impractical if you are using multiple access points which use different shared secrets to communicate with the RADIUS server. In this configuration example we do not use a shared secret, and instead in configuration step 8 we use the
MAC address of a WLAN client as the password .
4) Switch to the menu item Configuration -> READIUS server -> General.
5) In the Authentication port field, enter the value 1,812.
6) Click on the User table button in order to set the MAC addresses of the authorized WLAN clients in the following dialog.
7) In the field Name/MAC address, enter the MAC address of an authorized WLAN client with the following syntax: aabbcc-ddeeff.
8) In the field Password, enter the MAC address of an authorized WLAN client with the following syntax: aabbcc-ddeeff.
If you defined a
shared secret in
step 3 , you must enter this into the password field
instead of the MAC address .
9) Once you have entered all authorized WLAN clients into the user table, you can write the configuration back to the LANCOM WLAN router or access point.
If you entered a
shared secret in
step 3 , you have
completed the configuration at this point.
did not enter a shared secret in step 3 and you entered the
MAC address of the authorized WLAN clients into the
password field in step 8, you must additionally perform the following configuration steps.
10) Using WEBconfig, open the configuration of the LANCOM WLAN router or access point and navigate to the menu LCOS menu tree -> Setup -> WLAN -> RADIUS access check-> Password source.
11) Change the value from Secret to MAC address and click the button Send.