Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Combining MAC authentication OR PEAP authentication ?


How to config the one SSID combining MAC authentication OR PEAP authentication ?

The config guide show the keyword "alternate" to do the job !

But I can not finish the test: when MAC authentication fails, clients can not join the network always.



Re: Combining MAC authentication OR PEAP authentication ?

If you are using WPA for encryption and MAC authentication is not supported.

The abilty to do do both WPA and MAC went away in 12.3(4) according to this

Using WPA Key Management

Wi-Fi Protected Access is a standards-based, interoperable security enhancement that strongly increases the level of data protection and access control for existing and future wireless LAN systems. It is derived from and will be forward-compatible with the upcoming IEEE 802.11i standard. WPA leverages TKIP (Temporal Key Integrity Protocol) for data protection and 802.1X for authenticated key management.

WPA key management supports two mutually exclusive management types: WPA and WPA-Pre-shared key (WPA-PSK). Using WPA key management, clients and the authentication server authenticate to each other using an EAP authentication method, and the client and server generate a pairwise master key (PMK). Using WPA, the server generates the PMK dynamically and passes it to the access point. Using WPA-PSK, however, you configure a pre-shared key on both the client and the access point, and that pre-shared key is used as the PMK.


Note In Cisco IOS releases 12.3(4)JA and later, you cannot enable both MAC-address authentication and WPA-PSK.

in this document

MAC authentication is not considered a secure proceedure as the mac address is eaisly spoofed.