I am trying to setup 802.1x port base authentication in the Cisco Cat.2950 switch. I use PEAP in a Windows XP client (authenticate by Windows AD username/password) and Cisco ACS 4.0 as the RADIUS authentication server. Everything is okay. Now, I want to further improve the security. Does anyone know can the user be authenticated by "Windows AD username/password" PLUS "MAC address authentication"? I know I can manually enter the MAC address in each switch, but it is not feasible in our environment because we have many switches and many notebooks. Thanks.