Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

LEAP and MAC authentication thru ACS 3.2 for AP1100

I want to configure wireless user to be authenticated thru MAC and LEAP at a ACS server. Windows user database is used and MAC address are configured as user in the ACS User list.

In the AP ( web configuration ) SSID manager, should I choose Open Authentication with MAC and EAP or Network EAP with MAC authentication ?

I tried Network EAP with MAC authentiocation but it doesn't work.

I tried Open auth with MAC and EAP + Network EAP with no option, the authtication will go thru with or without the MAc address in the ACS.

Any thought ?

3 REPLIES
Silver

Re: LEAP and MAC authentication thru ACS 3.2 for AP1100

If the client has both MAC and EAP Authentication, you can allow the client to log on to the network with only MAC Authentication. If you don?t want the client to log on to the network if the MAC Authentication succeeds and then go to the EAP process, that can also be configured. To set up EAP, you must select Require EAP under Open authentication on the AP Radio Data Encryption page to force client devices to perform EAP authentication if they fail MAC authentication. If you do not select Require EAP, client devices that fail MAC authentication might be able to join the network without performing EAP authentication. For more information, please see the following url,

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350scg/ap350ch4.htm#828

55 . Please see step 4 and step 5. Also, you might like to see the following url which has a Summary of Settings for Authentication Types,

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350scg/ap350ch4.htm#xtocid24

New Member

Re: LEAP and MAC authentication thru ACS 3.2 for AP1100

The AP I used is AP1100. I just select Network EAP with Mac authentication. It authenticates both EAP and MAC. The MAC address has to be small letter at the ACS user database.

If Open auth with EAP and MAC are selected, I found that only EAP is verified from the debug command. That is why any MAC address can pass thru.

New Member

Re: LEAP and MAC authentication thru ACS 3.2 for AP1100

OK if i use MAC and Peap for the same PC adapter

authentication fail.But if Peap PC adapter it's not in MAC ACS DB the authentication work fine

Thanks

242
Views
0
Helpful
3
Replies