Below is a diagram showing a successful authentication. If the RADIUS server replies with an Access-Reject because the device does not match a policy, the AP will not grant network access. Upon receiving this message, the AP will grant network access to the device on the SSID. If a RADIUS policy exists on the server that specifies the device should be granted access and the credentials are correct, the RADIUS server will respond with an Access-Accept message. The username and password combination is always the MAC address of the connecting device, lower case without delimiting characters. With MAC-Based Access Control, devices must be authenticated by a RADIUS server before network access is granted on an SSID. The AP (RADIUS client) sends a RADIUS Access-Request to the RADIUS server containing the username and password of the connecting wireless device.

It is critical to control which devices can access the wireless LAN. MAC-Based Access Control can be used to provide port based network access control on MR series access points.

MAC-Based Access Control is one method for preventing unauthorized access to the Wireless LAN. This article discusses how MAC-Based Access Control works and provides step-by-step configuration instructions for Microsoft NPS and Dashboard.