Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS V4.1 How to separate MAC addresses in an Authentication rule....?

I'm configuring Agentless Authentication based om MAC addresses sendt from the access switch using MAB (MAC Authent. Bypass). I got it up and running, but with just one MAC address configured in the Authentication rule. When I try to configure more than one address in the rule, I get an error saying this is not a MAC address. How do you separate the MAC entries in the same Authentication rule. The doc says you can configure 10.000 addresses in one rule.


Re: ACS V4.1 How to separate MAC addresses in an Authentication

The ACS can authenticate MAC addresses sent from an AP/Switch. A properly configured AP/Switch will attempt to authenticate a MAC address using Secure-PAP authentication with the ACS. The MAC addresses are entered into the ACS as users, with the username and password being the MAC address.

1. From the ACS main menu, click on the USER SETUP button.

2. In the USER text box, type the MAC address to add to the user database. Use no dashes, periods,

or any other delimiter.

At the USER SETUP screen, enter the MAC address in the SECURE-PAP PASSWORD text box.

3.Click the SUBMIT button.

Adding the AP/Switch to the ACS server

1. From the ACS main menu click on the NETWORK CONFIGURATION button.

2. Click on the ADD ENTRY button.

3. Configure the DNS name of the AP, the IP address of the AP, the RADIUS shared secret and the

Authentication method.

4. Make sure to select RADIUS (Cisco Aironet) in the AUTHENTICATE USING drop down menu.

5. To complete, click the SUBMIT+RESTART button.

CreatePlease login to create content