WPA2 Personal with MAC Filtering Problem

steve-hilliard
Level 1

I'm trying to configure WPA with MAC filtering on an 1100 series AP. I have been able to get WPA2 Personal working, but when I add the option to filter out MAC addresses, the test machine can no longer associate to the AP. WEP with MAC filtering works just fine. Cisco TAC said it was the version of IOS I was running, so I rolled back to an older version with no luck. Below is some output from a debug. Any suggestions on how I can get this to work?

*Mar 1 02:03:09.573: AAA/BIND(00000055): Bind i/f

*Mar 1 02:03:09.573: dot11_auth_mac_start: method_list: mac_methods

*Mar 1 02:03:09.573: dot11_auth_mac_start: method_index: 0xCB000005, req: 0xC474C8

*Mar 1 02:03:09.573: dot11_auth_mac_start: client->unique_id: 0x55

*Mar 1 02:03:09.573: AAA/AUTHEN/PPP (00000055): Pick method list 'mac_methods'

*Mar 1 02:03:09.574: dot11_mac_process_reply: AAA reply for 0016.6f79.4862 PASSED

*Mar 1 02:03:09.874: %DOT11-7-AUTH_FAILED: Station 0016.6f79.4862 Authentication failed

*Mar 1 02:03:09.904: AAA/BIND(00000056): Bind i/f

*Mar 1 02:03:09.905: dot11_auth_mac_start: method_list: mac_methods

*Mar 1 02:03:09.905: dot11_auth_mac_start: method_index: 0xCB000005, req: 0xC474C8

*Mar 1 02:03:09.905: dot11_auth_mac_start: client->unique_id: 0x56

*Mar 1 02:03:09.905: AAA/AUTHEN/PPP (00000056): Pick method list 'mac_methods'

*Mar 1 02:03:09.906: dot11_mac_process_reply: AAA reply for 0016.6f79.4862 PASSED

*Mar 1 02:03:10.237: AAA/BIND(00000057): Bind i/f

*Mar 1 02:03:10.237: dot11_auth_mac_start: method_list: mac_methods

*Mar 1 02:03:10.238: dot11_auth_mac_start: method_index: 0xCB000005, req: 0xC474C8

*Mar 1 02:03:10.238: dot11_auth_mac_start: client->unique_id: 0x57

*Mar 1 02:03:10.238: AAA/AUTHEN/PPP (00000057): Pick method list 'mac_methods'

*Mar 1 02:03:10.238: dot11_mac_process_reply: AAA reply for 0016.6f79.4862 PASSED

*Mar 1 02:03:10.570: AAA/BIND(00000058): Bind i/f

*Mar 1 02:03:10.570: dot11_auth_mac_start: method_list: mac_methods

*Mar 1 02:03:10.571: dot11_auth_mac_start: method_index: 0xCB000005, req: 0xC474C8

*Mar 1 02:03:10.571: dot11_auth_mac_start: client->unique_id: 0x58

*Mar 1 02:03:10.571: AAA/AUTHEN/PPP (00000058): Pick method list 'mac_methods'

*Mar 1 02:03:10.572: dot11_mac_process_reply: AAA reply for 0016.6f79.4862 PASSED

*Mar 1 02:03:10.902: AAA/BIND(00000059): Bind i/f

*Mar 1 02:03:10.903: dot11_auth_mac_start: method_list: mac_methods

*Mar 1 02:03:10.903: dot11_auth_mac_start: method_index: 0xCB000005, req: 0xC474C8

*Mar 1 02:03:10.903: dot11_auth_mac_start: client->unique_id: 0x59

*Mar 1 02:03:10.904: AAA/AUTHEN/PPP (00000059): Pick method list 'mac_methods'

*Mar 1 02:03:10.904: dot11_mac_process_reply: AAA reply for 0016.6f79.4862 PASSE

1 Reply

jpolczyn
Level 1

It sure looks like a problem with the IOS still. It's getting an AUTHPASS message yet still reporting that the authentication failed.

To be honest, MAC filtering provides a lousy addition to security for the amount of hassle it requires to get working. I would recommend getting a good strong key from http://grc.com/passwords and dumping MAC filtering. WPA2/AES with a 24 or longer hex key will give you good link protection. Go for a full 64-character hex key if you'd like to go the extra mile.

Copy and paste is your friend. We can only hope some future version of the APs supports an SD card to make PSK installation a real breeze.
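The pattern discussed in this thread (the MAC-filter lookup passes, yet the station is still reported as failing authentication) can be pulled out of a longer debug capture automatically. The following is an added example, not part of either post and not Cisco code; the function names and the 1000 ms correlation window are assumptions, and the sample lines are copied from the debug output above.

```python
import re
from collections import defaultdict

# Subset of the debug lines from the original post; the last one is truncated there too.
SAMPLE = """\
*Mar 1 02:03:09.573: dot11_auth_mac_start: method_list: mac_methods
*Mar 1 02:03:09.574: dot11_mac_process_reply: AAA reply for 0016.6f79.4862 PASSED
*Mar 1 02:03:09.874: %DOT11-7-AUTH_FAILED: Station 0016.6f79.4862 Authentication failed
*Mar 1 02:03:09.906: dot11_mac_process_reply: AAA reply for 0016.6f79.4862 PASSED
*Mar 1 02:03:10.238: dot11_mac_process_reply: AAA reply for 0016.6f79.4862 PASSED
*Mar 1 02:03:10.904: dot11_mac_process_reply: AAA reply for 0016.6f79.4862 PASSE
"""

TS = r"\*\w{3}\s+\d+\s+(\d+):(\d+):(\d+)\.(\d{3}):\s+"
MAC = r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
MAC_REPLY = re.compile(TS + r"dot11_mac_process_reply: AAA reply for " + MAC + r" (\w+)")
AUTH_FAIL = re.compile(TS + r"%DOT11-7-AUTH_FAILED: Station " + MAC)


def to_ms(h, m, s, ms):
    """Convert HH:MM:SS.mmm fields to milliseconds since midnight."""
    return ((int(h) * 60 + int(m)) * 60 + int(s)) * 1000 + int(ms)


def summarize(log_text, window_ms=1000):  # window_ms is an assumed correlation window
    """Per station: MAC-filter passes, auth failures, and failures within
    window_ms after a MAC-filter pass (the contradiction seen in the post)."""
    stats = defaultdict(lambda: {"mac_passed": 0, "auth_failed": 0, "failed_after_pass": 0})
    last_pass = {}  # station -> time of its most recent MAC-filter pass
    for line in log_text.splitlines():
        reply = MAC_REPLY.search(line)
        fail = AUTH_FAIL.search(line)
        if reply and reply.group(6) == "PASSED":  # truncated results such as "PASSE" are skipped
            station = reply.group(5)
            stats[station]["mac_passed"] += 1
            last_pass[station] = to_ms(*reply.groups()[:4])
        elif fail:
            station = fail.group(5)
            stats[station]["auth_failed"] += 1
            seen = last_pass.get(station)
            if seen is not None and 0 <= to_ms(*fail.groups()[:4]) - seen <= window_ms:
                stats[station]["failed_after_pass"] += 1
    return dict(stats)


if __name__ == "__main__":
    for station, counts in summarize(SAMPLE).items():
        print(station, counts)
```

A non-zero `failed_after_pass` for a station means the MAC filter accepted it and the failure was logged afterwards, so the MAC address list itself is not what is rejecting the client.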
