New Member

MAC Address Format Question

Does anyone know the proper format for the client MAC address in the ACS internal database such that it will authenticate 802.1X queries from a Cisco switch?

Is it: 00-11-43-4A-B8-62

or: 0011.434A.B862

or maybe: 0011434AB862

or something else?

I've been reading the config guides but I don't see this addressed yet.

Thanks in advance.

Accepted Solutions

Re: MAC Address Format Question

ACS supports the following three standard formats for representing MAC-48 addresses in human-readable form:

Six groups of two hexadecimal digits, separated by hyphens (-) in transmission order, for example, 01-23-45-67-89-ab.

Six groups of two separated by colons (:), for example, 01:23:45:67:89:ab.

Three groups of four hexadecimal digits separated by dots (.), for example, 0123.4567.89ab.

Regards,

~JG

Do rate helpful posts
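
As an added example (not part of the original post and not Cisco code): a small Python helper that validates a list of MAC addresses and rewrites each entry in one of the three notations listed above, also accepting the bare 12-digit form from the question as input. The function names and the sample list are assumptions made for illustration; lowercase output simply follows the answer's examples.

```python
import re

# Separator and group width for the three notations listed in the answer above.
_SEP = {"hyphen": ("-", 2), "colon": (":", 2), "dot": (".", 4)}

# Accepted input shapes: the three listed notations plus bare 12 hex digits
# (the third candidate in the question, which the answer does not list).
# Mixed separators and wrong group counts do not match.
_INPUT = re.compile(
    r"^(?:[0-9a-f]{2}(?:-[0-9a-f]{2}){5}"
    r"|[0-9a-f]{2}(?::[0-9a-f]{2}){5}"
    r"|[0-9a-f]{4}(?:\.[0-9a-f]{4}){2}"
    r"|[0-9a-f]{12})$",
    re.IGNORECASE,
)

def format_mac(text, style="hyphen"):
    """Validate one MAC-48 string and re-emit it in a listed notation."""
    candidate = text.strip()
    if not _INPUT.match(candidate):
        raise ValueError(f"not a MAC-48 address: {text!r}")
    digits = re.sub(r"[-:.]", "", candidate).lower()
    sep, width = _SEP[style]
    return sep.join(digits[i:i + width] for i in range(0, 12, width))

def prepare_import(lines, style="hyphen"):
    """Return (unique formatted MACs in input order, rejected raw entries)."""
    seen, accepted, rejected = set(), [], []
    for line in lines:
        if not line.strip():
            continue  # skip blank lines in the list
        try:
            mac = format_mac(line, style)
        except ValueError:
            rejected.append(line.strip())
            continue
        if mac not in seen:  # same device written in two notations
            seen.add(mac)
            accepted.append(mac)
    return accepted, rejected

# Constructed sample list; the first three values are the question's examples.
SAMPLE = ["00-11-43-4A-B8-62", "0011.434A.B862", "0011434AB862",
          "01:23:45:67:89:ab", "00-11-43-4A-B8", "0011:434A:B862"]

if __name__ == "__main__":
    ok, bad = prepare_import(SAMPLE)
    print("import:", ok)
    print("rejected:", bad)
```

Reviewing the rejected list before an import keeps malformed entries from silently failing MAC-based authentication later.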


New Member

Re: MAC Address Format Question

Thanks JG.

Cisco Employee

Re: MAC Address Format Question

We must be talking about something other than 802.1X here, right? 802.1X doesn't authenticate MAC addresses.

New Member

Re: MAC Address Format Question

Actually I'm talking both:

The specific question I posted was on correct formatting of MACs (because I couldn't find it), but the broader issue I am trying to piece together is devising a way to have different policies on my SE's that can:

a) Authenticate clients (three types):

1) Thin and dumb clients (non-OS based workstations), printers, copiers, scanners, etc. based on their MAC addresses (authenticating against the SE's internal database which I imported via RDBMS) and...

2) Directly wired and 3) wireless Windows XP machines (against an external database, specifically group membership in our AD domain).

And,

b) User accounts: Specifically, our network management accounts (currently administrator accounts in our AD domain) used to manage network devices via SSH.

I am currently accomplishing all the above (except the dumb clients/MACs) using Microsoft IAS but (since we don't have schema admin rights in the domain) cannot do the MAC authentication with it so we're migrating to ACS's.

Reading through the user and config guides, I'm getting the drift that if I use the internal database (for the MAC authentication) then I'm locked into it - and cannot then make another policy that looks to an external database for everything else.

If you've got any good leads, or reference materials, to expedite my search, I'd certainly appreciate it.

Thanks.
