MAC Authentication on autonomous APs

engineerangelo · ‎09-17-2007

Hi!

Has anyone here tried MAC authentication using Aironet 1200 series? If so, can you please tell me how to do it? Because I've been trying to make it work and it just won't work. Thanks!

Regards

Rob Huffman · ‎09-17-2007

Hi Angelo,

Configuring and Enabling MAC Address Filters

MAC address filters allow or disallow the forwarding of unicast and multicast packets either sent from or addressed to specific MAC addresses. You can create a filter that passes traffic to all MAC addresses except those you specify, or you can create a filter that blocks traffic to all MAC addresses except those you specify. You can apply the filters you create to either or both the Ethernet and radio ports and to either or both incoming and outgoing packets.

Note: Using the CLI, you can configure up to 2,048 MAC addresses for filtering. Using the web-browser interface, however, you can configure only up to 43 MAC addresses for filtering.

From this doc;

http://www.cisco.com/en/US/docs/wireless/access_point/12.3_2_JA/configuration/guide/s32filt.html#wp1034897

Hope this helps!

Rob

Jagdeep Gambhir · ‎09-17-2007

Hi,

Are you talking about radius mac-authentication ?

The steps to configure MAC authentication on the ACS server and AP :

[1] GO to Server Manager

In the Corporate Servers -->Current Server List

-- Select the Radius Server in the drop down.

-- Specify the Server IP address in the Server: field

-- Specify the Shared Secret in the Shared Secret: field

-- Set the Authentication Port (optional): 1645 and the Accounting Port (optional): 1646

- click on Apply

-- In the Default Server Priorities aand under MAC Authentication

-- In the drop down Priority 1: select the IP address of the ACS server and click on Apply

[2] Goto SSid MAnager

-- Select the ssid, In case a new SSID needs to be created create a new ssid.

-- In Authentication Settings --> Methods Accepted: --> check on Open Authentication:

--> Select with Mac Authentication from the drop down menu.

- Click on the Apply all button to save this setting

[3] Goto Advanced Security

-- In the MAC Address Authentication -->MAC Addresses Authenticated by:

-- Select Authentication Server Only and click on Apply

On the ACS server Create Users with user names and password set to the MAC address of the

clients. These user names/passwords should NOT have any spaces or dots in between them..

Regards,

~JG

engineerangelo · ‎09-17-2007

Hi JG,

What if I wanted to use the AP itself as the local authenticator. Because this is what I've been trying to do and I don't know why I couldn't make it work. Thanks.

Regards

Jagdeep Gambhir · ‎09-18-2007

Hi,

In order for you set this into the AP, the AP should be set as a Local Server.

To set the AP for Local MAC follow these steps:

1. Click on Security

2. Click on Local Radius Server

3. Select General Set-up

4. The Authentication Protocol: MAC

5. Apply the changes

6. Under Network Access Servers (AAA Clients) enter the IP address and the Shared Secret of the AP. Apply the changes.

7. Under Individual Users, the username and password would be the client Radios MAC

Address. Select also MAC Authentication only. Enter each MAC one by one.

8. Apply the changes.

9. Click on SSID Manager on the Menu of the left.

10. Create one SSID with Open Authentication with MAC.

11. Apply the changes.

12. Click on Server Manager on the Menu of the left.

13. Under corporate servers enter the IP address of the server, in this case the AP itself again, the Shared Secret, and the Authentication and Accounting ports with the values of 1812 and 1813. Apply the changes.

14. Under Default Server priorities, select the option MAC Authentication in Priority 1.

Apply the changes.

Regards,

~JG

mohammadlatif · ‎05-16-2013

how to add MAC address of specific laptop or Mobile to connect to the Access Point for service of internet in cisco Aironet AP 1260 series in Autonmous mode like we have linksys AP MAC filtering...the above steps are how to allow device to access specific protocols.