Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
524
Views
0
Helpful
3
Replies

mac based security managed centrally (Acs or whatever)

serust2003
Level 1
Level 1

‎11-14-2005 08:02 AM - edited ‎03-10-2019 02:22 PM

I have a project My customer

want to use Mac Address based Security on their whole network.They want only specific mac addressed pc/notebooks can be connected to their network.But they dont want configuration per switch basis.They wan centralized management.

We first looked for ACS.But we realized that ACS supports only Wireless access point for this kind of purpose.I also found that there is a ACS feature called NAR(Network Access Restriction) Can i use this feature?

They don’t want additional integratio n(Active directory or etc.) and don’t install any software to their pc/notebooks.Because of this i cant use EAP solution.

They have app 300 pc’s and they will enter whole mac address list to ACS and only this PC’s will be connect to network.Is it possible ?

Best Regards

Labels:
0 Helpful
3 Replies 3

darpotter
Level 5
Level 5

‎11-15-2005 01:58 AM

I wouldnt recommend this as a strong security solution, but it could be done - in theory.

Customers devices need to be configured to initiate a PAP authentication using pre-configured credentials (a'la NAC auth bypass).

ACS will have this username+password configured plus a network access restriction that lists the allowed set of macaddrs.

While this may work for 300 users, NARs are not that easily scalable.

0 Helpful

andyirving
Level 1
Level 1
In response to darpotter

‎11-22-2005 12:47 PM

I have the same requirement, given that the ACS solution above is not going to be scalable enough for my requirements would you suggest I look at deploying NAC using the existing Cisco infrastructure with ACS and installing Cisco Trust Agent on all connected PCs and Notebooks with MAC authentication (switchport security) on any other devices such as printers etc?

0 Helpful

andrewclymer
Level 1
Level 1

‎11-23-2005 01:11 AM

This will depend if you can get the switch to issue some form of AAA request prior to allowing packets to flow from the newly connected port.

If you can then it should be possible to get ACS to perform some form of MAC authentication.

But the first problem is getting the switch to perform some kind of authetnication using RADIUS or T+.

0 Helpful
Customers Also Viewed These Support Documents