Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WPA2 Personal with MAC Filtering Problem

I'm trying to configure WPA with MAC filtering on an 1100 series AP. I have been able to get WPA2 personal working but when I add the option to filter out MAC addresses, the test machine can no longer associate to the AP. WEP with MAC filtering works just fine. Cisco TAC said it was the version of IOS I was running so I rolled back to an older version with no luck. Below is some output from a debug. Any suggestions on how I can get this to work?

*Mar 1 02:03:09.573: AAA/BIND(00000055): Bind i/f

*Mar 1 02:03:09.573: dot11_auth_mac_start: method_list: mac_methods

*Mar 1 02:03:09.573: dot11_auth_mac_start: method_index: 0xCB000005, req: 0xC474C8

*Mar 1 02:03:09.573: dot11_auth_mac_start: client->unique_id: 0x55

*Mar 1 02:03:09.573: AAA/AUTHEN/PPP (00000055): Pick method list 'mac_methods'

*Mar 1 02:03:09.574: dot11_mac_process_reply: AAA reply for 0016.6f79.4862 PASSED

*Mar 1 02:03:09.874: %DOT11-7-AUTH_FAILED: Station 0016.6f79.4862 Authentication failed

*Mar 1 02:03:09.904: AAA/BIND(00000056): Bind i/f

*Mar 1 02:03:09.905: dot11_auth_mac_start: method_list: mac_methods

*Mar 1 02:03:09.905: dot11_auth_mac_start: method_index: 0xCB000005, req: 0xC474C8

*Mar 1 02:03:09.905: dot11_auth_mac_start: client->unique_id: 0x56

*Mar 1 02:03:09.905: AAA/AUTHEN/PPP (00000056): Pick method list 'mac_methods'

*Mar 1 02:03:09.906: dot11_mac_process_reply: AAA reply for 0016.6f79.4862 PASSED

*Mar 1 02:03:10.237: AAA/BIND(00000057): Bind i/f

*Mar 1 02:03:10.237: dot11_auth_mac_start: method_list: mac_methods

*Mar 1 02:03:10.238: dot11_auth_mac_start: method_index: 0xCB000005, req: 0xC474C8

*Mar 1 02:03:10.238: dot11_auth_mac_start: client->unique_id: 0x57

*Mar 1 02:03:10.238: AAA/AUTHEN/PPP (00000057): Pick method list 'mac_methods'

*Mar 1 02:03:10.238: dot11_mac_process_reply: AAA reply for 0016.6f79.4862 PASSED

*Mar 1 02:03:10.570: AAA/BIND(00000058): Bind i/f

*Mar 1 02:03:10.570: dot11_auth_mac_start: method_list: mac_methods

*Mar 1 02:03:10.571: dot11_auth_mac_start: method_index: 0xCB000005, req: 0xC474C8

*Mar 1 02:03:10.571: dot11_auth_mac_start: client->unique_id: 0x58

*Mar 1 02:03:10.571: AAA/AUTHEN/PPP (00000058): Pick method list 'mac_methods'

*Mar 1 02:03:10.572: dot11_mac_process_reply: AAA reply for 0016.6f79.4862 PASSED

*Mar 1 02:03:10.902: AAA/BIND(00000059): Bind i/f

*Mar 1 02:03:10.903: dot11_auth_mac_start: method_list: mac_methods

*Mar 1 02:03:10.903: dot11_auth_mac_start: method_index: 0xCB000005, req: 0xC474C8

*Mar 1 02:03:10.903: dot11_auth_mac_start: client->unique_id: 0x59

*Mar 1 02:03:10.904: AAA/AUTHEN/PPP (00000059): Pick method list 'mac_methods'

*Mar 1 02:03:10.904: dot11_mac_process_reply: AAA reply for 0016.6f79.4862 PASSE

1 REPLY
New Member

Re: WPA2 Personal with MAC Filtering Problem

It sure looks like a problem with the IOS still. It's getting a AUTHPASS message yet still reporting that the authentication failed.

To be honest, MAC filtering provides a lousy addition to security for the amount of hassle it requires to get working. I would recommend getting a good strong key from http://grc.com/passwords and dump MAC filtering. WPA2/AES with a 24 or longer hex key will give you good link protection. Go for a full 64-character hex key if you'd like to go the extra mile.

Copy and paste is your friend. We can only hope some future version of the APs support a SDcard to make PSK installation a real breeze.

389
Views
0
Helpful
1
Replies
CreatePlease to create content