MAC Address Format Question

Answered Question
Nov 1st, 2007

Does anyone know the proper format for the client MAC address in the ACS internal database such that it will authenticate 802.1X queries from a Cisco switch?


Is it: 00-11-43-4A-B8-62

or: 0011.434A.B862

or maybe: 0011434AB862

or something else?


I've been reading the config guides but I don't see this addressed yet.


Thanks in advance.

Correct Answer
Jagdeep Gambhir Thu, 11/01/2007 - 08:21

ACS supports the following three standard formats for representing MAC-48 addresses in human-readable form:


Six groups of two hexadecimal digits, separated by hyphens (-) in transmission order, for example, 01-23-45-67-89-ab.


Six groups of two separated by colons (:), for example, 01:23:45:67:89:ab.


Three groups of four hexadecimal digits separated by dots (.), for example, 0123.4567.89ab.


Regards,

~JG


Do rate helpful posts
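
An added example, not part of the original thread and not Cisco code: a Python check that sorts a MAC import list into entries already written in one of the three notations listed in the answer above, bare 12-digit entries that need rewriting, and malformed entries. The function names, the choice of the hyphenated form as the rewrite target, and the lower-case output (following the answer's examples) are assumptions of this example; the sample list is constructed from the MAC in the question.

```python
import re

# The three notations listed in the answer, matched strictly (no mixed separators).
LISTED = {
    "hyphen": re.compile(r"^[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}$"),
    "colon": re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$"),
    "dot": re.compile(r"^[0-9A-Fa-f]{4}(\.[0-9A-Fa-f]{4}){2}$"),
}
# Bare 12-digit form from the question; it is not among the listed notations.
BARE = re.compile(r"^[0-9A-Fa-f]{12}$")


def classify(mac):
    """Return the name of the listed notation that `mac` uses, or None."""
    for name, pattern in LISTED.items():
        if pattern.match(mac):
            return name
    return None


def to_listed_forms(mac):
    """Render a valid MAC (listed notation or bare digits) in all three notations."""
    text = mac.strip()
    if classify(text) is None and not BARE.match(text):
        raise ValueError(f"not a MAC-48 address: {mac!r}")
    digits = re.sub(r"[-:.]", "", text).lower()
    pairs = [digits[i:i + 2] for i in range(0, 12, 2)]
    quads = [digits[i:i + 4] for i in range(0, 12, 4)]
    return {"hyphen": "-".join(pairs), "colon": ":".join(pairs), "dot": ".".join(quads)}


def audit(entries):
    """Split entries into (already listed, bare -> hyphenated rewrite, malformed)."""
    ok, convert, reject = [], [], []
    for entry in (e.strip() for e in entries):
        if classify(entry):
            ok.append(entry)
        elif BARE.match(entry):
            convert.append((entry, to_listed_forms(entry)["hyphen"]))
        else:
            reject.append(entry)  # wrong length, mixed separators, non-hex digit
    return ok, convert, reject


# Constructed sample: the question's three spellings plus three malformed entries.
SAMPLE = ["00-11-43-4A-B8-62", "0011.434A.B862", "0011434AB862",
          "00:11:43:4A:B8", "00-11:43-4A-B8-62", "0011.434G.B862"]

if __name__ == "__main__":
    for label, group in zip(("listed", "rewrite", "malformed"), audit(SAMPLE)):
        print(label, group)
```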


jafrazie Thu, 11/01/2007 - 12:11
User Badges:
  • Cisco Employee,

We must be talking about something other than 802.1X here, right? 802.1X doesn't authenticate MAC addresses.

hal.chaikin Thu, 11/01/2007 - 14:38

Actually I'm talking both:


The specific question I posted was on correct formatting of MACs, (because I couldn't find it) but the broader issue I am trying to piece together is devising a way to have different policies on my SE's that can:


a) Authenticate clients (three types):


1) Thin and dumb clients (non-OS based workstations), printers, copiers, scanners, etc. based on their MAC addresses (authenticating against the SE's internal database which I imported via RDBMS) and...


2) Directly wired and 3) wireless Windows XP machines (against an external database, specifically group membership in our AD domain).


And,


b) User accounts: Specifically, our network management accounts (currently administrator accounts in our AD domain) used to manage network devices via SSH.


I am currently accomplishing all the above (except the dumb clients/MACs) using Microsoft IAS but (since we don't have schema admin rights in the domain) cannot do the MAC authentication with it so we're migrating to ACS's.


Reading through the user and config guides, I'm getting the drift that if I use the internal database (for the MAC authentication) then I'm locked into it - and then cannot then make another policy that looks to an external database for everything else.


If you've got any good leads, or reference materials, to expedite my search, I'd certainly appreciate it.


Thanks.
