Wireless Client Authentication

Unanswered Question
Feb 8th, 2010
User Badges:

I have a wireless setup in my company and i would like to know how can i setup so that when somebody is trying to access the wireless private SSID it authenticates the client first (Laptop) and make sure it's part of AD and then the user .

Thank you


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Robert.N.Barrett_2 Tue, 02/09/2010 - 10:55
User Badges:
  • Bronze, 100 points or more

Could you give us some more details around your clients and the wireless network config?

Generally speaking, you want to enable Machine auth with User Auth.  Assuming you are already doing PEAP user auth with Windows clients running Wireless Zero Config, and ACS 4.2 performing your RADIUS authentication, then you'll want to do the following:

- Configure the wireless profile on the PC to include machine auth: On the Authentication Tab of the wireless profile, simply check/tick the "Authenticate as computer when computer information is available"

- On the ACS 4.2, enable machine auth, and perhaps Machine Access Restriction, in the windows database config section.  Read the Cisco documentation very carefully about how MAR works to ensure it meets your needs.

The ACS guide also has a good section on enabling machine auth on Windows machines.


This Discussion