Authorize APs against AAA

SHANNON WYATT · ‎08-09-2007

Enabling the "Authorize APs against AAA" option in the Wireless LAN Controllers requires you to add the MAC addresses to the ACS server so that the controllers can check the MAC address against RADIUS. If this option is enabled and the MAC addresses are added to the ACS, could a user potentially use the MAC address of an Access Point to gain access to the wireless network?

Jagdeep Gambhir · ‎08-09-2007

no, it will allow only if the mac is in acs database as a user. If AP mac is not listed it can't be used to login.

Regards,

~JG

Please rate if helps

SHANNON WYATT · ‎08-10-2007

I think that maybe I'm not being clear. If I have a single ACS server with normal users as well as mac addresses entered as users, couldn't you use one of the mac addresses to authenticate with using PEAP? I assume there is some method to prevent this from occuring.

Jagdeep Gambhir · ‎08-11-2007

You can use a feature called NAP (Network access profile) in ACS.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/NAPs.html

Regards,

~JG

Please rate helpful posts