Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3286
Views
0
Helpful
2
Replies

Cisco Secure ACS and Machine Access Restrictions (MAR)

Joshua Engels
Level 1
Level 1

‎03-03-2010 06:53 AM - edited ‎03-10-2019 04:59 PM

Has anyone here ever used the ACS feature Machine Access Restrictions in a wireless enviornment with PEAP?  I am looking for a way to prevent non-corporate owned assets from getting on to our wireless network.  Right now, I have PEAP working with the ACS but users are able to give their password to contractors allowing them to connect to our network.  This is a huge security issue.  Any thouhgts on going with MAR or should I stick with Microsoft Radius?  I have heard that MAR is buggy but those bugs may have been worked out.  Any help and especially documentation on setting this up would be a great help.

Thanks,

Josh

Labels:
0 Helpful
2 Replies 2

Erick Delgado
Level 1
Level 1

‎03-14-2010 05:51 PM

Hi,

Well machine authentication can be buggy on the supplicant side.

Try Machine authentication first and if everything work good MAR is a good option.

Also you can use access policy so the user can only have a minimun of session active at the same time.

I need more detail information about your enviroment so I can help you better on your security setup.

Regards,

0 Helpful

mariusz.zawadzki
Level 1
Level 1
In response to Erick Delgado

‎04-07-2010 04:06 AM

Hello Erick,

I have a problem with MAR too.

Right now, I  have PEAP-MS-CHAPv2 working with the ACS and Windows AS (as an Ext.  Databases in ACS).

I use ACS appliance 4.1.

A few days ago I  set up MAR to prevent non-corporate laptop to access to the wifi  network and now I see a problem not everyone laptop can connect to the  wlan.

WiFi policy configuration is the same  on the clients  desktop (I hope... made by GPO) but some laptops (eg. HP 8510p, 2530p)  have problem with connection.

We use  windows wireless client.

In ACS Failed Attempts logs I see:

External DB user access denied (Machine Access Restriction)

I don't know what is wrong, maybe some settings on windows system or  something else.

Do you have any idea what may be wrong?

Have youe had similiar expierience.

Tahnks for support.

Regards

maniek

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents