Example: Configuring a Virtual Access Point for WPA Enterprise and MAC Filtering (J-Web)

This example shows how to configure virtual access point vap-2 on radio 1 for access point ap-1 with the following settings:

• SSID: employee-only
• VLAN ID: 217
• Client security: WPA2 Enterprise, with both TKIP and CCMP ciphers, and pre-authentication
• RADIUS server IP address 192.211.1.254 and RADIUS shared secret sandia#978
• MAC filtering for denied MAC addresses 00:08:C7:1B:8C:02 and 01:23:45:67:89:ab

Before you configure an access point, you must specify the MAC address of the access point being configured. See AX411 Access Point Configuration Overview.

1. Select Configure>Wireless LAN>Settings.
2. Under AP Name, select ap-1.
3. Under Radio ID, select radio 1, then click Edit.
4. In the Edit - Radio window, select the Radio tab.
5. Next to Virtual Access Points, click Add.
6. In the Add - Virtual Access Point window, select the Basic Settings tab.
7. Next to VAP ID, select 2.
8. Next to SSID, enter employee-only.
9. Next to VLAN ID, enter 217.
10. Unselect HTTP Redirect.
11. Select the Security tab.
12. Next to MAC authentication type, select Local.
13. Next to Security, select WPA Enterprise.
14. Next to WPA Version, select v2.
15. Next to Cipher suites, select both.
16. Select Pre authenticate.
17. Next to Radius server, enter 192.211.1.254.
18. Next to Radius key, enter sandia#978.
19. Click OK to return to the Edit - Radio window.
20. Click OK to return to the Wlan Settings page.
21. Under AP Name, select ap-1.
22. In the Edit - Access Point window, select the MAC Filtering tab.
23. Click Add.
24. In the Add MAC Filter window, enter 00:08:C7:1B:8C:02, and click OK.
25. Click Add.
26. In the Add MAC Filter window, enter 01:23:45:67:89:ab, and click OK.
27. For Action, select deny.
28. Click OK.