MAC Authentication on autonomous APs

Unanswered Question
Sep 17th, 2007
User Badges:

Hi!


Has anyone here tried MAC authentication using Aironet 1200 series? If so, can you please tell me how to do it? Because I've been trying to make it work and it just won't work. Thanks!


Regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Rob Huffman Mon, 09/17/2007 - 04:41
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 IP Telephony, Unified Communications

Hi Angelo,


Configuring and Enabling MAC Address Filters


MAC address filters allow or disallow the forwarding of unicast and multicast packets either sent from or addressed to specific MAC addresses. You can create a filter that passes traffic to all MAC addresses except those you specify, or you can create a filter that blocks traffic to all MAC addresses except those you specify. You can apply the filters you create to either or both the Ethernet and radio ports and to either or both incoming and outgoing packets.


Note: Using the CLI, you can configure up to 2,048 MAC addresses for filtering. Using the web-browser interface, however, you can configure only up to 43 MAC addresses for filtering.


From this doc;


http://www.cisco.com/en/US/docs/wireless/access_point/12.3_2_JA/configuration/guide/s32filt.html#wp1034897


Hope this helps!

Rob


Jagdeep Gambhir Mon, 09/17/2007 - 15:52
User Badges:
  • Red, 2250 points or more

Hi,

Are you talking about radius mac-authentication ?


The steps to configure MAC authentication on the ACS server and AP :


[1] GO to Server Manager


In the Corporate Servers -->Current Server List

-- Select the Radius Server in the drop down.

-- Specify the Server IP address in the Server: field

-- Specify the Shared Secret in the Shared Secret: field

-- Set the Authentication Port (optional): 1645 and the Accounting Port (optional): 1646

- click on Apply

-- In the Default Server Priorities aand under MAC Authentication

-- In the drop down Priority 1: select the IP address of the ACS server and click on Apply

[2] Goto SSid MAnager

-- Select the ssid, In case a new SSID needs to be created create a new ssid.

-- In Authentication Settings --> Methods Accepted: --> check on Open Authentication:

--> Select with Mac Authentication from the drop down menu.

- Click on the Apply all button to save this setting

[3] Goto Advanced Security

-- In the MAC Address Authentication -->MAC Addresses Authenticated by:

-- Select Authentication Server Only and click on Apply

On the ACS server Create Users with user names and password set to the MAC address of the

clients. These user names/passwords should NOT have any spaces or dots in between them..



Regards,

~JG



engineerangelo Mon, 09/17/2007 - 17:51
User Badges:

Hi JG,


What if I wanted to use the AP itself as the local authenticator. Because this is what I've been trying to do and I don't know why I couldn't make it work. Thanks.


Regards

Jagdeep Gambhir Tue, 09/18/2007 - 04:12
User Badges:
  • Red, 2250 points or more

Hi,

In order for you set this into the AP, the AP should be set as a Local Server.


To set the AP for Local MAC follow these steps:


1. Click on Security

2. Click on Local Radius Server

3. Select General Set-up

4. The Authentication Protocol: MAC

5. Apply the changes

6. Under Network Access Servers (AAA Clients) enter the IP address and the Shared Secret of the AP. Apply the changes.

7. Under Individual Users, the username and password would be the client Radios MAC

Address. Select also MAC Authentication only. Enter each MAC one by one.

8. Apply the changes.

9. Click on SSID Manager on the Menu of the left.

10. Create one SSID with Open Authentication with MAC.

11. Apply the changes.

12. Click on Server Manager on the Menu of the left.

13. Under corporate servers enter the IP address of the server, in this case the AP itself again, the Shared Secret, and the Authentication and Accounting ports with the values of 1812 and 1813. Apply the changes.

14. Under Default Server priorities, select the option MAC Authentication in Priority 1.


Apply the changes.



Regards,

~JG


mohammadlatif Thu, 05/16/2013 - 02:38
User Badges:

how to add MAC address of specific laptop or Mobile to connect to the Access Point for service of internet in cisco Aironet AP 1260 series in Autonmous mode like we have linksys AP MAC filtering...the above steps are how to allow device to access specific protocols.

Actions

This Discussion

 

 

Trending Topics - Security & Network