Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

WLSE Express and MAC Authetication

We are currently configuring a wireless network with Aironet 1131AG and a WLSE express. We have had lots of problems with some client devices which are supposed to support PEAP or LEAP, but it seems they do not.

In order to overcome this problem we want to use MAC Authentication, but I do not know where to configure the MAC list at the WLSE Express.

Does the WLSE internal AAA supports MAC Authentication? If it doesn't, how can solve this issue?

Thanks for any help.

Juan Spiniak

  • Security and Network Management
5 REPLIES
Hall of Fame Super Red

Re: WLSE Express and MAC Authetication

Hi Juan,

Have a look at this document about configuring IOS Templates with WLSE Express 2.13:

User Guide for the CiscoWorks WLSE and WLSE Express, 2.13

Using IOS Templates

Configuring Advanced Security

Use this option to set up the access point to authenticate client devices using a combination of MAC-based and EAP authentication.

When you enable this feature, client devices that associate to the access point using 802.11 open authentication first attempt MAC authentication. If MAC authentication succeeds, the client device joins the network. If the client is also using EAP authentication, it attempts to authenticate using EAP. If MAC authentication fails, the access point waits for the client device to attempt EAP authentication

From this doc:

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/products_user_guide_chapter09186a0080527f3c.html#wp1263391

Hope this helps!

Rob

Please remember to rate helpful posts.........

"May your heart always be joyful And may your song always be sung May you stay forever young " - Dylan
New Member

Re: WLSE Express and MAC Authetication

Hi Rob,

Thanks for your help.

From you answer I asume that we need to use a MAC local list defined inside each AP. Can this list be apllied only to a certain SSID? Or, can I used the AAA server inside WLSE Express in order to define the MAC list?

Thanks again for the help.

Juan S

Hall of Fame Super Red

Re: WLSE Express and MAC Authetication

Hi Juan,

You can put the MAC List on the AAA server.Use the IOS Template to configure the AP settings in reference to MAC Authentication.And then configue the

users (MAC's) in the AAA/Radius server. Have a read of the attached docs:

User Guide for the CiscoWorks WLSE and WLSE Express, 2.13

Using IOS Templates

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/products_user_guide_chapter09186a0080527f3c.html#wp1244470

MAC Addresses Authenticated by

Select one of the following:

•Local List Only—Use this setting if you want the authentication to be stored on the access point, and enter MAC addresses.

•Authentication Server Only—Use this setting if you want the authentication to be stored on the server.

•Authentication Server if not found in Local List—Use this setting if you want to try MAC authentication list first and then automatically try the Authentication server list.

Managing AAA Users

In the context of the AAA server, a user is any entity that is being authenticated by a client; for example, a person, an infrastructure access point, or a MAC address.

Enter all users in this screen unless you are using LDAP or Windows domain authentication as the source of user information.

If you have chosen "local" as the Inner Service for a protocol, enter all users to be authenticated in this screen.

Possible users include:

•Users on any of the devices that are using the AAA server to authenticate or authorize those users.

•Administrators who are using authentication to access APs through Telnet.

From this doc:

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/products_user_guide_chapter09186a0080526f57.html#wp1562403

Hope this helps!

Rob

Please remember to rate helpful posts.....

"May your heart always be joyful And may your song always be sung May you stay forever young " - Dylan

Re: WLSE Express and MAC Authetication

Thanks for the info Rob!

Hall of Fame Super Red

Re: WLSE Express and MAC Authetication

Hey Travis, no worries! It is nice to know somebody is out there reading these posts.

Hopefully you are doing well and keeping the lights on:)

Take care.

Rob

"May your heart always be joyful And may your song always be sung May you stay forever young " - Dylan
148
Views
14
Helpful
5
Replies