Description:

This article describes how to configure MAC authentication with Dynamic VLAN on a LANCOM router operating RADIUS.

Requirements:

Procedure:

1) Open the configuration of the router in LANconfig and navigate to the menu item Interfaces → 802.1X → RADIUS servers.

A screenshot of a network configuration interface showing options for managing wireless LAN authentication via a central RADIUS server, including settings for default management pane, specific RADIUS server definitions for certain networks, and RADIUS server availability monitoring.

2) Click on the button Default server to create an entry for the RADIUS server. 

Image showing a partial view of a technical user interface related to RADIUS servers configuration settings.

3) Set the server address to the loopback address 127.0.0.1. This ensures that the RADIUS server integrated in the router is used.

An image displaying a configuration menu for RADIUS servers with options including a new entry setup, protocol selection, and password generation features.

4) Go to the menu Interfaces → LAN → 802.1x authenticator for ETH ports.

Screenshot of a network device's configuration interface showing various settings including management access, Ethernet interfaces, LAN bridge settings, logging, and routing protocols.

5) Select the physical Ethernet interface that the device requiring authentication is connected to (in this example ETH-4) and click Edit.

An image displaying a technical configuration interface for Ethernet port settings, featuring options for MAC-based authentication, auth bypass, and RADIUS server settings.

6) Adjust the following parameters:

  • Enable the option Authentication required.
  • Make sure that the Mode option is set to Single host.
  • In the drop-down menu for MAC-based auth. bypass, select the option immediate. This performs authentication based on the MAC address.
  • In the field RADIUS server enter the name of the RADIUS server created in step 3 (in this example DEFAULT). 

Screenshot of a user interface for configuring an Ethereum authentication on a technical device, showing options for interface settings and authentication requirements.

7) Go to the menu RADIUS → Server and set a checkmark for RADIUS authentication active.

Image displaying a complex technical configuration interface with various settings for RADIUS accounting, certificate management, routing protocols, and user database configurations.

8) Go to the menu RADIUS → Server → User table.

Image displaying a complex technical configuration menu for a RADIUS server, including sections for authentication, accounting, management, and various service settings.

9) Create a new entry and set the following parameters:

  • Name / MAC address : Enter the MAC address of the device being authenticated in the format 00a057123456.
  • Password : Enter the MAC address of the device being authenticated in the format 00a057123456.
  • VLAN ID : Enter the VLAN to be assigned to the user (in this example the VLAN 5).
  • Protocol restriction for authentication : Uncheck all protocols except PAP.
  • Expiry type : From the drop-down menu, select Never so that the user account remains valid permanently.

A screenshot of a technical configuration interface featuring various settings such as passphrase options, username generation, sensitivity checks, protocol restrictions, and expiry settings for authentication purposes.

10) This concludes the configuration. Write the configuration back to the router.

Weitere Artikel zu diesem Thema:

 

 

All LANCOM products and software versions are subject to LANCOM Software Lifecycle Management.
You can find information on our website at https://www.lancom-systems.com/products/firmware/software-lifecycle-management

© 2025 LANCOM Systems GmbH