03-03-2010 06:53 AM - edited 03-10-2019 04:59 PM
Has anyone here ever used the ACS feature Machine Access Restrictions in a wireless enviornment with PEAP? I am looking for a way to prevent non-corporate owned assets from getting on to our wireless network. Right now, I have PEAP working with the ACS but users are able to give their password to contractors allowing them to connect to our network. This is a huge security issue. Any thouhgts on going with MAR or should I stick with Microsoft Radius? I have heard that MAR is buggy but those bugs may have been worked out. Any help and especially documentation on setting this up would be a great help.
Thanks,
Josh
03-14-2010 05:51 PM
Hi,
Well machine authentication can be buggy on the supplicant side.
Try Machine authentication first and if everything work good MAR is a good option.
Also you can use access policy so the user can only have a minimun of session active at the same time.
I need more detail information about your enviroment so I can help you better on your security setup.
Regards,
04-07-2010 04:06 AM
Hello Erick,
I have a problem with MAR too.
Right now, I have PEAP-MS-CHAPv2 working with the ACS and Windows AS (as an Ext. Databases in ACS).
I use ACS appliance 4.1.
A few days ago I set up MAR to prevent non-corporate laptop to access to the wifi network and now I see a problem not everyone laptop can connect to the wlan.
WiFi policy configuration is the same on the clients desktop (I hope... made by GPO) but some laptops (eg. HP 8510p, 2530p) have problem with connection.
We use windows wireless client.
In ACS Failed Attempts logs I see:
External DB user access denied (Machine Access Restriction)
I don't know what is wrong, maybe some settings on windows system or something else.
Do you have any idea what may be wrong?
Have youe had similiar expierience.
Tahnks for support.
Regards
maniek
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide