dot1x and ACS

Unanswered Question
Nov 30th, 2007

What does it take to make dot1x and ACS to work correctly together? Im trying to do authentication with dot1x, but not sure what its really trying to authenticate? Seems like its more of a mac address or something. Any ideas on what people normally authenticate?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
mikedurbin Fri, 11/30/2007 - 13:36

is this mac address authentication? Im not sure I understand "what" its really authenticating.

jafrazie Fri, 11/30/2007 - 14:36

802.1X doesn't authenticate MAC addresses. IT typically authenticates LAN ports based on an identified credential, where this credential is driven by the EAP type, like a certificate, userame/password, etc.

mikedurbin Fri, 11/30/2007 - 18:46

Can you point me in a direction to learn more about that? I was thinking I could put a mac address of a pc in ACS as a userID/password and it would authenticate that way, with proper config on a switch. Im guessing that isnt right.

mikedurbin Sat, 12/01/2007 - 11:39

I guess what Im trying to figure out is what authentication is it sending? I think it must be a userID/password, but Im not sure what excatly it is. Anyone know?

jafrazie Mon, 12/03/2007 - 06:55

Defined by your chosen EAP method. For example, EAP-TLS is a cryptographic method and would use a cert to authenticate. EAP-MD5 is a challenge-response based method using usernames and passwords.

Hope this gives you a start,

amady3381 Mon, 12/03/2007 - 10:52

Hi all

I think you can use mac-authentication with dot1x and you will add the mac-addressess of the PCs to the ACS database. Use this way to add the mac-addressess as users:

Username: MAC-Address

Password: MAC-Address

So, the username and the password will be the mac-address of the pc

I hope this help,

mikedurbin Mon, 12/03/2007 - 22:21

I did try the mac-address solution. I couldnt get it to work. Any idea on how to get that done?


This Discussion