Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Authorize APs against AAA

Enabling the "Authorize APs against AAA" option in the Wireless LAN Controllers requires you to add the MAC addresses to the ACS server so that the controllers can check the MAC address against RADIUS. If this option is enabled and the MAC addresses are added to the ACS, could a user potentially use the MAC address of an Access Point to gain access to the wireless network?

3 REPLIES

Re: Authorize APs against AAA

no, it will allow only if the mac is in acs database as a user. If AP mac is not listed it can't be used to login.

Regards,

~JG

Please rate if helps

Community Member

Re: Authorize APs against AAA

I think that maybe I'm not being clear. If I have a single ACS server with normal users as well as mac addresses entered as users, couldn't you use one of the mac addresses to authenticate with using PEAP? I assume there is some method to prevent this from occuring.

Re: Authorize APs against AAA

You can use a feature called NAP (Network access profile) in ACS.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/NAPs.html

Regards,

~JG

Please rate helpful posts

264
Views
0
Helpful
3
Replies
CreatePlease to create content