EAP AND MAC AUTHENTICATION USING ACS 4.1 SOLUTION ENGINE

Apr 2nd, 2007

Hi,

We have some 17, 1200 access points (autonomous). The access points are spread over 16 floors in the meeting rooms.

I want to authenticate the users using MAC and EAP. The username and password should be the MAC address of the device to be authenticated, which should be entered in the ACS. This procedure will avoid installing certificates on each device. I am using an ACS 4.1 solution engine. Can anybody help me with how to configure this?

Requirement:

Enter the MAC address as username and password in ACS.

Create a strong MS-CHAP password for the user to access the wireless LAN.

Expecting an answer from the experts.

magurwara Tue, 04/03/2007 - 09:05

Looks like you already understand what you need to do ...."enter mac address as username and password in acs"

Can you be specific on what end of the configuration you need help with? Device end or ACS end?

prakavi Tue, 04/03/2007 - 12:13

Hi,

I need the configuration of the access point.

And a confusion prevails: if I put the PAP password as the MAC address and the MS-CHAP password as a different one, what username should I give when the popup asks for the username and password?

On the ACS end I have created a AAA client.

Can you show some configuration example of the access point?

Regards

pradeep

magurwara Thu, 04/05/2007 - 04:37

Pradeep,

Are you planning MAC authentication for some users while using EAP for others?

For MAC authentication, just use the following in your AP.

aaa authentication login mac_methods group radius

In your AP, select the radius server for mac authentication. You must have already defined your ACS as a radius server.

In your SSID configuration, under client authentication settings,

check "open authentication" and also select "MAC Authentication" from the drop-down list.

If you want both MAC or EAP, then select "MAC Authentication or EAP" from the dropdown.

Define the mac address as the username and password in ACS. Make sure the format of the mac is without any spaces.

You will not need to change anything in XP.

NOTE: XP normally does not require user authentication if machine has already authenticated but it might behave differently. If it does, I can let you know the registry settings to force the behaviour change.

HTH
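
The AP-side settings described in the reply above, written out as autonomous-AP IOS CLI. This is an added example, not part of the original thread; the SSID name, server address, shared secret and the `eap_methods` list name are placeholders, and it assumes an IOS release that configures SSIDs in global `dot11 ssid` mode.

```cisco
! Added example (not from the thread). Placeholders: MEETING-ROOMS,
! 192.0.2.10, <shared-secret>, eap_methods.
aaa new-model
!
! The ACS appliance defined as the RADIUS server; the same shared secret
! is entered on the AAA client entry for this AP on the ACS side.
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 key <shared-secret>
!
! Method list from the reply: MAC lookups are sent to RADIUS (the ACS).
aaa authentication login mac_methods group radius
! Only needed for the "MAC Authentication or EAP" variant below.
aaa authentication login eap_methods group radius
!
dot11 ssid MEETING-ROOMS
 ! "Open authentication" with "MAC Authentication" selected.
 authentication open mac-address mac_methods
 ! "MAC Authentication or EAP" variant; use this line instead of the one above:
 ! authentication open mac-address mac_methods alternate eap eap_methods
!
interface Dot11Radio0
 ssid MEETING-ROOMS
!
! ACS side: one user per client device, with the MAC address as both
! username and password and no spaces, as the reply says. Constructed
! sample: a client with address 00:11:22:33:44:55 is entered as 001122334455.
```

After a client associates, `show dot11 associations` on the AP lists the client's MAC address, and the ACS passed and failed authentication reports show the username the AP actually submitted.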

prakavi Thu, 04/05/2007 - 06:49

Hi magurwara ,

Thanks a lot for the reply. It is working now. Your reply came a bit late; anyway, it will be useful for others too.

Many people told me that this solution will not work in ACS 4.1 solution engine. That's why I put it in the forums and confirmed.

Thanks a lot again.
