How to configure 802.1X authentication based on the MAC address

Jun 22, 2009 5:05 PM

Resolution

Complete these steps in order to configure 802.1x authentication on the switch:

  • Go into the interfaces connected to the clients using the "interface interface_id" command and configure the following

  • For a Microsoft Windows XP client, MAC authentication works only if the client is disabled from sending EAP requests, so that the switch considers it an agentless host and initiates the MAC authentication bypass process. This is the registry fix on the Windows XP test machine:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters\General\Global]
    "SupplicantMode"=dword:00000000


  • Create an AAA client entry for the switch in ACS from the Network Configuration section. Use RADIUS as the authentication protocol.

  • On ACS, create an account for the client, based on its MAC address. For example, if the MAC address of the client is 00-15-C5-3A-E4-0D:

    Username : 0015c53ae40d
    Password : 0015c53ae40d
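
As an added example (not part of the original document), this Python script converts MAC addresses written in common notations to the 12-digit lowercase form shown above and rejects malformed, duplicate and group (multicast/broadcast) addresses before accounts are created. The function names and the sample inventory are assumptions made for this illustration; only the first address comes from the document.

```python
import re

# Separators seen in 00-15-C5-3A-E4-0D, 00:15:c5:3a:e4:0d and 0015.c53a.e40d
_SEPARATORS = re.compile(r"[-:.\s]")
_HEX12 = re.compile(r"[0-9a-f]{12}")

def mab_username(mac: str) -> str:
    """Return the 12-digit lowercase form the page uses as username and password."""
    digits = _SEPARATORS.sub("", mac.strip()).lower()
    if not _HEX12.fullmatch(digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    # Lowest bit of the first octet set means a group (multicast/broadcast)
    # address, which cannot be the source MAC of a client.
    if int(digits[:2], 16) & 0x01:
        raise ValueError(f"group address, not a host MAC: {mac!r}")
    return digits

def build_accounts(inventory):
    """Split an inventory into unique account names and rejected entries."""
    accounts, rejected, seen = [], [], set()
    for entry in inventory:
        try:
            name = mab_username(entry)
        except ValueError as exc:
            rejected.append((entry, str(exc)))
            continue
        if name in seen:
            rejected.append((entry, f"duplicate of {name}"))
            continue
        seen.add(name)
        accounts.append(name)
    return accounts, rejected

# Constructed sample inventory; only the first address comes from the page.
SAMPLE = [
    "00-15-C5-3A-E4-0D",
    "0015.c53a.e40d",      # same host in Cisco dotted notation
    "00:1A:2B:3C:4D:5E",
    "FF:FF:FF:FF:FF:FF",   # broadcast
    "00-15-C5-3A-E4",      # truncated
]

if __name__ == "__main__":
    accounts, rejected = build_accounts(SAMPLE)
    for name in accounts:
        print(f"Username : {name}  Password : {name}")
    for entry, reason in rejected:
        print(f"skipped {entry}: {reason}")
```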


Note: Ensure that ACS does not hit Cisco bug ID CSCsh62641.

Refer to the Using IEEE 802.1x Authentication with MAC Authentication Bypass section of Configuring IEEE 802.1x Port-Based Authentication for more information.
