Combining MAC authentication OR PEAP authentication ?

Unanswered Question
Apr 14th, 2010


How to config the one SSID combining MAC authentication OR PEAP authentication ?

The config guide show the keyword "alternate" to do the job !

But I can not finish the test: when MAC authentication fails, clients can not join the network always.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
bcolvin Wed, 04/21/2010 - 19:43

If you are using WPA for encryption and MAC authentication is not supported.

The abilty to do do both WPA and MAC went away in 12.3(4) according to this

Using WPA Key Management

Wi-Fi Protected Access is a standards-based, interoperable security enhancement that strongly increases the level of data protection and access control for existing and future wireless LAN systems. It is derived from and will be forward-compatible with the upcoming IEEE 802.11i standard. WPA leverages TKIP (Temporal Key Integrity Protocol) for data protection and 802.1X for authenticated key management.

WPA key management supports two mutually exclusive management types: WPA and WPA-Pre-shared key (WPA-PSK). Using WPA key management, clients and the authentication server authenticate to each other using an EAP authentication method, and the client and server generate a pairwise master key (PMK). Using WPA, the server generates the PMK dynamically and passes it to the access point. Using WPA-PSK, however, you configure a pre-shared key on both the client and the access point, and that pre-shared key is used as the PMK.


Note In Cisco IOS releases 12.3(4)JA and later, you cannot enable both MAC-address authentication and WPA-PSK.

in this document

MAC authentication is not considered a secure proceedure as the mac address is eaisly spoofed.



This Discussion



Trending Topics - Security & Network