Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Windows XP issue using ACS for MAC Authentication

Hello all,

I am using ACS 4.1 for MAC based authentication as to whether or not to allow a device on the network. It is working fine for most devies but for some of the Windows XP computers I have to disable IEEE authentication on the NIC and create a registry key "SupplicantMode" with a value of "0". Does anyone know a way around having to do this on XP computers? If I don't does this I get a message saying "Windows was unable to find a certificate to log you on to the network" and the XP machines do not get authenticated.

All replies rated!!

7 REPLIES
Cisco Employee

Re: Windows XP issue using ACS for MAC Authentication

IF you plan to use MAC Authentication, this means you do not need/want 802.1X. This makes the registry setting irrelevant.

So if your question is there a way to avoid the registry setting, or a way to avoid having to disable 802.1X?

Thanks,

Re: Windows XP issue using ACS for MAC Authentication

Thanks for the reply. The ultimate solution would be to get the XP machines to authenticate based on MAC and not have to change anything on the XP machines themselves. I want to avoid the registry edit. I have tested with unchecking the IEEE authentication on the properties of te NIC card. I have yet to get this to work without then having to add the registry key for SupplicantMode

Thanks

Cisco Employee

Re: Windows XP issue using ACS for MAC Authentication

When you disable 802.1X, this is disables the functionality on the client, so the registry setting is irrelevant at that point.

This will help:

<http://www.microsoft.com/technet/network/wifi/wififaq.mspx>

Can I ask why you need/want to disable/ignore 1X in favor of MAC Authentication?

Re: Windows XP issue using ACS for MAC Authentication

This is occuring on the wired side not the wireless ans so far when we have diabled 802.1x on the NIC cards some computers still don't pass traffic until we do the registry edit and other others work as soon as it is disabled. No apparent rhyme or reason that we can see.

The goal was to restrict wired network access to only devices that are in the ACS database so that no one could plug an unathorized device into the network and pass traffic. We are regulating ALL network devices and most of them are not capable of doing 802.1x. Scanner guns, wireless timesclocks and the like. If there is a better way to go that gets this result please feel free to share the love! :)

Thanks again!

Cisco Employee

Re: Windows XP issue using ACS for MAC Authentication

You should be able to leverage 802.1X authentication for devices that support it, and MAC Authentication for devices that do not. Checking a MAC address is obviously a lesser form of authentication, so is there a reason you need to work toward only checking MACs? Is it motivated by MAC addresses being a least common denominator?

Re: Windows XP issue using ACS for MAC Authentication

802.1x is fine. I was not aware I could leverage both. Have a link for me?

Cisco Employee

Re: Windows XP issue using ACS for MAC Authentication

184
Views
8
Helpful
7
Replies
CreatePlease to create content