Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

MAC Authentication does not work

My MAC Authentication does not work.

I have a ACS 3.0 server set. the MAC address is set in the user name field and in the password field.

I can ping the ACS, I can ping my AP, I can ping my client.

I don't want WEP and I don't want LEAP just MAC. So I set my authentication to "Open with MAC" My client has WEP set to NO WEP and authentication to OPEN

I have the latest drivers for both AP and my 350 Client.

I see that the client is associating and disassociating back and forth non stop. My AP log is full with the following message:

Station 0009.7c9f.xxxx Authentication failed

this is my config:

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname GOM_1200IOS

!

aaa new-model

!

!

aaa group server radius rad_eap

!

aaa group server radius rad_mac

server 10.1.2.197 auth-port 1812 acct-port 1812

!

aaa group server radius rad_acct

!

aaa group server radius rad_admin

!

aaa group server tacacs+ tac_admin

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa group server radius wlccp_rad_infra

!

aaa group server radius wlccp_rad_eap

!

aaa group server radius wlccp_rad_leap

!

aaa group server radius wlccp_rad_mac

!

aaa group server radius wlccp_rad_any

!

aaa group server radius wlccp_rad_acct

!

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authentication login wlccp_infra group wlccp_rad_infra

aaa authentication login wlccp_eap_client group wlccp_rad_eap

aaa authentication login wlccp_leap_client group wlccp_rad_leap

aaa authentication login wlccp_mac_client group wlccp_rad_mac

aaa authentication login wlccp_any_client group wlccp_rad_any

aaa authorization exec default local

aaa authorization ipmobile default group rad_pmip

aaa accounting network acct_methods start-stop group rad_acct

aaa accounting network wlccp_acct_client start-stop group wlccp_rad_acct

aaa session-id common

enable secret xxxxxx

!

username Cisco password xxxx

ip subnet-zero

!

iapp standby timeout 5

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption key 1 size 40bit 7 9DF1C10BF11A transmit-key

!

ssid GOM_1230

authentication open mac-address mac_methods

!

speed basic-1.0 basic-2.0 basic-5.5 basic-11.0

rts threshold 2312

channel 2462

station-role root

no cdp enable

dot1x reauth-period server

dot1x client-timeout 600

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

no cdp enable

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 172.16.43.45 255.255.240.0

no ip route-cache

!

ip default-gateway 172.16.47.254

ip http server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100

ip radius source-interface BVI1

access-list 700 permit 000a.b74c.e8c9 0000.0000.0000

access-list 700 permit 0009.7c9f.d6e0 0000.0000.0000

access-list 700 permit 0006.25b1.2f79 0000.0000.0000

access-list 700 permit 000a.b78b.2d19 0000.0000.0000

access-list 700 permit 000b.5f6e.77c8 0000.0000.0000

access-list 700 deny 0000.0000.0000 ffff.ffff.ffff

access-list 701 deny 000b.5f6e.77c8 0000.0000.0000

access-list 701 permit 0000.0000.0000 ffff.ffff.ffff

no cdp run

snmp-server community GOM_AP1230 RO

snmp-server enable traps tty

radius-server local

group AP1230

!

user brazil nthash 7 1249523544595F517972017912677A3055325A25770B08770D5C5B4E4478087605 group AP1230

!

radius-server host 10.1.2.197 auth-port 1812 acct-port 1812 key 7 00233C2B

radius-server retransmit 3

radius-server attribute 32 include-in-access-req format %h

radius-server authorization permit missing Service-Type

radius-server vsa send accounting

bridge 1 route ip

!

!

line con 0

line vty 5 15

!

end

What is wrong?

Thanks very much for your help.

2 REPLIES
New Member

Re: MAC Authentication does not work

I figured out what was wrong so thank you for stopping by.

I will publish the config for other people to see.

Regards,

New Member

Re: MAC Authentication does not work

so what was wrong?

191
Views
0
Helpful
2
Replies
CreatePlease login to create content