![radius network mac address radius network mac address](https://blog.ui.com/wp-content/uploads/2016/11/radius2-1024x640.png)
It's possible that if someone knows the list of authorized MAC addresses or sniffs the network and detects them, they could easily spoof the MAC address of their wireless NIC so they could connect. The issue with this method is the lack of security. Then when a non≨02.1X client tries to connect, the server would then check the MAC address of the client NIC against the list of authorized addresses. This method essentially lets non≨02.1X devices bypass the traditional 802.1X process altogether, but still lets them connect.Ī list of authorized MAC addresses of client NICs would be maintained on the RADIUS server. If you're the network administrator, you might consider implementing the MAC address authentication bypass feature of your RADIUS server, if supported by the server and switches. As an administrator, you should also look into implementing network intrusion solutions to help catch these types of vulnerabilities. This is also a good time to mention to administrators that they should do regular thorough network audits and Wi-Fi site surveys to catch users who are using these methods without permission. This is because they can lessen the overall security of the network and potentially open access to unauthorized users. If you're just a user of the Enterprise network, you should first check with the administrators before using the methods we'll discuss in the latter part of the article. In this article, you'll discover some techniques that can be used by both network administrators and end users. Nevertheless, there are ways to still provide connectivity to non≨02.1X devices.
![radius network mac address radius network mac address](https://us.v-cdn.net/6029482/uploads/122/0M6O4CJBGA1K.png)
Thus, some computers or devices might not be able to connect to the Enterprise wireless network.
![radius network mac address radius network mac address](https://www.cisco.com/c/dam/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/98848-lap-auth-uwn-config-04.jpeg)
However, some legacy and even newer Wi-Fi devices can lack 802.1X support. That is, if you configure an external RADIUS server with WPA, WPA2, or WPA & WPA2, you cannot use external MAC authentication but are limited to internal MAC authentication.Using 802.1X authentication with WPA2-Enterprise offers the greatest Wi-Fi security possible today.
![radius network mac address radius network mac address](https://s3.amazonaws.com/s.guides.co/uploads/697/images/Screen%20Shot%202013-11-28%20at%2011.10.05%20AM.png)