EAP AND MAC AUTHENTICATION USING ACS 4.1 SOLUTION ENGINE
We have some 17, 1200 access points (autonomous). The access points are spread over 16 floors in the meeting rooms.
I want to authenticate the users using mac and eap. The username and password should be the mac address of the device to be authenticated which should be entered in the acs. this procedure will avoid installing certificates on each device . I am using an acs 4.1 solution engine. can anybody help me how to configure this ?
enter mac address as username and password in acs
create a strong ms-chap pasword for the user to access the wireless lan.
Re: EAP AND MAC AUTHENTICATION USING ACS 4.1 SOLUTION ENGINE
Are you planning MAC authentication for some users while using EAP for others?
For MAC authentication, just use the following in your AP.
aaa authentication login mac_methods group radius
In your AP, select the radius server for mac authentication. You must have already defined your ACS as a radius server.
In your SSID configuration, under client authentication settings,
check "open authentication" and also select "MAC Authentication" from the drop-down list.
If you want both MAC or EAP, then select "MAC Authentication or EAP" from the dropdown.
Define the mac address as the username and password in ACS. Make sure the format of the mac is without any spaces.
You will not need to change anything in XP.
NOTE: XP normally does not require user authentication if machine has already authenticated but it might behave differently. If it does, I can let you know the registry settings to force the behaviour change.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...