WPA2 and mac authentication

jlhainy
Level 2
Level 2

I am currently using WPA2-PSK. I want to add another layer of security. I know I could do EAP. I am also looking at MAC authentication. But I want to host the MAC list on an ACS server. Setting the MAC addresses on the ACS server is pretty cut and dry, but how can I configure the AP to look to the ACS server for its MAC list? And, how can I get WPA-PSK and MAC authentication to work together?

4 Replies

frankzehrer
Level 4
Level 4

Hi Jared,

You can do this by setting up the following:

Webinterface:

1. Security -> Server Manager

Set up the ACS IP in the list "MAC Authentication" in the section "Default Server Priorities".

2. Security -> Advanced Security

In the section "MAC Address Authentication" use the radio button "Authentication Server Only" or "Local List if no response from Authentication Server" for a fallback configuration!

IOS Interface from config mode:

aaa group server radius rad_mac

server 10.20.40.37 auth-port 1645 acct-port 1646

and

aaa authentication login mac_methods group rad_mac

or

aaa authentication login mac_methods group rad_mac local (for local fallback)

I have not tested this, because the MAC of the supplicant is too easy to sniff and any medium-skilled person may use a sniffed MAC to enter the first authentication stage!

Better use a setup with EAP-FAST or PEAP!

I hope that helps.

Best regards,

Frank


I got that far, but I am still not seeing the MAC authentication portion work. I am looking at my ACS logs and I don't even see an attempt to authenticate the MAC address to the ACS. I currently have open authentication set up. When I add the option with MAC address, then the wireless breaks and I cannot use the Access Point any longer.

Frank,

I just found an error message that states that MAC authentication is not supported with WPA-PSK. So it looks like I am stuck with EAP as I figured I would be.

I was just trying it out to see if it was a possibility. Thanks for responding.

Hi Jared,

you are totally right!

Have a look here:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml#supp

Sometimes RTFM helps.

;-))

I have learned something, too.

Best regards,

Frank
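As an added example that is not from this thread or from Cisco, the Python audit below parses the aaa commands Frank lists, reports whether the MAC method list falls back to the local list, and flags an SSID that pairs MAC authentication with WPA-PSK, the combination Jared's AP refused. The dot11 ssid sub-commands (authentication open mac-address, wpa-psk) and the whole sample config are assumptions about an Aironet IOS running-config, not text from the thread.

```python
import re

# Constructed sample running-config (hypothetical names and address) that
# combines the commands from the reply above with a dot11 ssid block.
SAMPLE_CONFIG = """\
aaa group server radius rad_mac
 server 10.20.40.37 auth-port 1645 acct-port 1646
aaa authentication login mac_methods group rad_mac local
dot11 ssid corp
 authentication open mac-address mac_methods
 authentication key-management wpa
 wpa-psk ascii 0 ExamplePassphrase
"""


def audit_mac_auth(config: str) -> dict:
    """Collect RADIUS groups, MAC method lists (with local fallback flag) and
    per-SSID settings, and warn where the MAC list is undefined, its RADIUS
    group is missing, or it is combined with WPA-PSK (rejected by the AP)."""
    groups, methods, ssids, warnings = {}, {}, {}, []
    group = ssid = None  # the config block the current line belongs to
    for line in config.splitlines():
        if m := re.match(r"aaa group server radius (\S+)", line):
            group, ssid = m.group(1), None
            groups[group] = []
        elif m := re.match(r" +server (\S+)", line):
            if group:
                groups[group].append(m.group(1))
        elif m := re.match(r"aaa authentication login (\S+) group (\S+)( local)?", line):
            methods[m.group(1)] = {"group": m.group(2), "local_fallback": bool(m.group(3))}
        elif m := re.match(r"dot11 ssid (\S+)", line):
            ssid, group = m.group(1), None
            ssids[ssid] = {"mac_list": None, "psk": False}
        elif ssid and (m := re.match(r" +authentication open mac-address (\S+)", line)):
            ssids[ssid]["mac_list"] = m.group(1)
        elif ssid and re.match(r" +wpa-psk ", line):
            ssids[ssid]["psk"] = True
    for name, s in ssids.items():
        if s["mac_list"] is None:
            continue  # SSID does not use MAC authentication at all
        if s["mac_list"] not in methods:
            warnings.append(f"ssid {name}: method list {s['mac_list']} is not defined")
        elif methods[s["mac_list"]]["group"] not in groups:
            warnings.append(f"ssid {name}: RADIUS group for {s['mac_list']} is not defined")
        if s["psk"]:
            warnings.append(f"ssid {name}: MAC authentication with WPA-PSK is not supported")
    return {"groups": groups, "methods": methods, "ssids": ssids, "warnings": warnings}
```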
