I am jumping headfirst into ACS and have a question about authenticating clients via MAC address through an AP1200 to ACS4.0.
I have only done Windows IAS before to auth VPN clients, so this is new.
I am reading all the docs I can find and still can't understand how I can enter the MAC address of an allowed station into either the ACS database or the Windows directory.
Also, has anyone ever seen (or written) a simple "how-to" on setting up ACS and an AP?
You need to configure the attribute-value pairs if you're going for RADIUS authentication.
I am sending you a related doc; I think this is enough. I am also working on the same, so if you need any help, you are most welcome.
However, by entering an IP address in place of the CLI you can use the
non-IP-based filter even when the AAA client does not use a Cisco IOS release
that supports CLI or DNIS. In another exception to entering a CLI, you can enter
a MAC address to permit or deny; for example, when you are using a Cisco
Aironet AAA client. Likewise, you could enter the Cisco Aironet AP MAC
address in place of the DNIS. The format of what you specify in the CLI
box—CLI, IP address, or MAC address—must match the format of what you
receive from your AAA client. You can determine this format from your RADIUS
Attributes for DNIS/CLI-based restrictions, per protocol, include the following
• If you are using TACACS+—The NAR fields listed employ the following
– AAA client—The NAS-IP-address is taken from the source address in
the socket between Cisco Secure ACS and the TACACS+ client.
– Port—The port field in the TACACS+ start packet body is used.
– CLI—The rem-addr field in the TACACS+ start packet body is used.
– DNIS—The rem-addr field taken from the TACACS+ start packet body
is used. In cases in which the rem-addr data begins with “/” the DNIS
field contains the rem-addr data without the “/” character.
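
Added example, not part of the posts above or of the quoted Cisco documentation: a small check for the rule that a MAC address entered in the CLI box must be in the same format the AAA client sends. It assumes the filter compares strings literally; the function names and sample values are constructed for illustration.

```python
import re

# Common MAC notations: bare hex, colon/hyphen pairs, dotted quads.
MAC_RE = re.compile(
    r"^(?:[0-9a-f]{12}|(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}"
    r"|(?:[0-9a-f]{4}\.){2}[0-9a-f]{4})$", re.I)

def canonical_mac(value):
    """Return 12 lowercase hex digits for a MAC in any notation, else None."""
    value = value.strip()
    if not MAC_RE.match(value):
        return None
    return re.sub(r"[.:-]", "", value).lower()

def audit_nar(nar_entries, observed_clis):
    """Classify each NAR CLI entry against CLI values seen from the AAA client.

    Assumption: the filter compares strings literally, per the quoted passage.
    """
    seen_literal = set(observed_clis)
    seen_by_mac = {}
    for cli in observed_clis:
        mac = canonical_mac(cli)
        if mac:
            seen_by_mac.setdefault(mac, cli)
    report = []
    for entry in nar_entries:
        mac = canonical_mac(entry)
        if entry in seen_literal:
            report.append((entry, "match", entry))
        elif mac is None:
            report.append((entry, "not-a-mac", None))
        elif mac in seen_by_mac:
            # Same station, different notation: this entry would never match.
            report.append((entry, "format-mismatch", seen_by_mac[mac]))
        else:
            report.append((entry, "unseen", None))
    return report

# Constructed sample data, not taken from a real log.
OBSERVED = ["0040.96a1.b2c3", "0040.96ff.0001"]
NAR = ["0040.96a1.b2c3", "00:40:96:FF:00:01", "00-0D-28-11-22-33", "10.1.1.5"]

if __name__ == "__main__":
    for entry, status, use in audit_nar(NAR, OBSERVED):
        print(f"{entry:20} {status:16} {use or ''}")
```

Feed it the CLI values copied from your own RADIUS accounting or failed-attempts log; a `format-mismatch` row shows the notation to re-enter in the NAR.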