Cisco Support Community
Community Member

IAS for MAC authentication

Does anyone have a step by step procedure on how to setup Windows IAS to authenticate MAC addresses for the 350, 1200, and 1300 AP?

Community Member

Re: IAS for MAC authentication

Mac-Auth with IAS works but is not scalable because of the number of required "remote access policies". Basically one remote access policy is required per MAC-Address.

Because the MAC-Address is not send in the RADIUS username attribute but in the RADIUS calling-station-id attribute, you need to match, in the remote access policy, the condition called "calling-station-id" and when that condition is matched, allow "unauthenticated access". This will do the trick.

Community Member

Re: IAS for MAC authentication

I'm trying to accomplish the same thing. I have the AP configured to query the IAS server to authenticate MAC addresses. I cant even seem to create a remote access policy that will allow this to happen. I had this all working perfectly on a trial version of Cisco's Secure ACS and figured it would be as easy as changing the Ip addresses of the radius server int he AP config and creating a user id for each MAC on the Microsoft server.

This obviously has not worked. if anyone can offer any king of help with this I'd be thankful.

CreatePlease to create content