Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

enabling 802.1x and MAC Authentication Bypass on ACS 4.2

Hi experts,

I have a few questions regarding 802.1x & MAC Authentication Bypass configured on ACS 4.2.

i. Is it possible to configure MAC authentication + 802.1x on ACS 4.2 at the same time? Here is the scenario;

Our company would like to enforce 'double authentication' on each staff machine (include those personal laptop/notebook). Each time the staff plugged into company's network, they will need to supply username & password in order to get access. After that, the ACS server will also check whether the user's MAC address is valid by checking against its own database. This MAC address is tied to the staff's user profile in ACS. If the login information supplied by the staff is valid but the MAC address of their machine is not match in ACS database, then the staff will not be able to gain access unless after notifying the administrator about it.

ii. If it is possible, any reference that I can check on how to configure this?

The reason why I need MAC authentication + 802.1x to be configured at ACS as most of our switches are not cisco based and only capable to support 802.1x.

Hope anyone here could help me on this.

Thanks very much,

Daniel

2 REPLIES
Cisco Employee

Re: enabling 802.1x and MAC Authentication Bypass on ACS 4.2

With ACS, you can setup NARs (or Network Access Restrictions) to permit/deny access based on IP/non-IP based filters (like MAC Addresses).

Specific info is here:

<http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008018494f.html#313>

Hope this helps,

New Member

Re: enabling 802.1x and MAC Authentication Bypass on ACS 4.2

Sorry, the link is not valid. Can you give me other related link?

737
Views
2
Helpful
2
Replies
CreatePlease login to create content