https://community.cisco.com/t5/network-access-control/mac-based-security-managed-centrally-acs-or-whatever/m-p/425403#M428189 <P>I have a project My customer </P><P> want to use Mac Address based Security on their whole network.They want only specific mac addressed pc/notebooks can be connected to their network.But they dont want configuration per switch basis.They wan centralized management.</P><P></P><P>We first looked for ACS.But we realized that ACS supports only Wireless access point for this kind of purpose.I also found that there is a ACS feature called NAR(Network Access Restriction) Can i use this feature?</P><P></P><P>They don&#146;t want additional integratio n(Active directory or etc.) and don&#146;t install any software to their pc/notebooks.Because of this i cant use EAP solution.</P><P></P><P>They have app 300 pc&#146;s and they will enter whole mac address list to ACS and only this PC&#146;s will be connect to network.Is it possible ?</P><P></P><P></P><P>Best Regards</P><P></P><P></P> Sun, 10 Mar 2019 21:22:28 GMT serust2003 2019-03-10T21:22:28Z https://community.cisco.com/t5/network-access-control/mac-based-security-managed-centrally-acs-or-whatever/m-p/425403#M428189 <P>I have a project My customer </P><P> want to use Mac Address based Security on their whole network.They want only specific mac addressed pc/notebooks can be connected to their network.But they dont want configuration per switch basis.They wan centralized management.</P><P></P><P>We first looked for ACS.But we realized that ACS supports only Wireless access point for this kind of purpose.I also found that there is a ACS feature called NAR(Network Access Restriction) Can i use this feature?</P><P></P><P>They don&#146;t want additional integratio n(Active directory or etc.) and don&#146;t install any software to their pc/notebooks.Because of this i cant use EAP solution.</P><P></P><P>They have app 300 pc&#146;s and they will enter whole mac address list to ACS and only this PC&#146;s will be connect to network.Is it possible ?</P><P></P><P></P><P>Best Regards</P><P></P><P></P> Sun, 10 Mar 2019 21:22:28 GMT https://community.cisco.com/t5/network-access-control/mac-based-security-managed-centrally-acs-or-whatever/m-p/425403#M428189 serust2003 2019-03-10T21:22:28Z https://community.cisco.com/t5/network-access-control/mac-based-security-managed-centrally-acs-or-whatever/m-p/425404#M428191 <HTML><HEAD></HEAD><BODY><P>I wouldnt recommend this as a strong security solution, but it could be done - in theory.</P><P></P><P>Customers devices need to be configured to initiate a PAP authentication using pre-configured credentials (a'la NAC auth bypass).</P><P></P><P>ACS will have this username+password configured plus a network access restriction that lists the allowed set of macaddrs.</P><P></P><P>While this may work for 300 users, NARs are not that easily scalable.</P></BODY></HTML> Tue, 15 Nov 2005 09:58:04 GMT https://community.cisco.com/t5/network-access-control/mac-based-security-managed-centrally-acs-or-whatever/m-p/425404#M428191 darpotter 2005-11-15T09:58:04Z https://community.cisco.com/t5/network-access-control/mac-based-security-managed-centrally-acs-or-whatever/m-p/425405#M428192 <HTML><HEAD></HEAD><BODY><P>I have the same requirement, given that the ACS solution above is not going to be scalable enough for my requirements would you suggest I look at deploying NAC using the existing Cisco infrastructure with ACS and installing Cisco Trust Agent on all connected PCs and Notebooks with MAC authentication (switchport security) on any other devices such as printers etc?</P></BODY></HTML> Tue, 22 Nov 2005 20:47:41 GMT https://community.cisco.com/t5/network-access-control/mac-based-security-managed-centrally-acs-or-whatever/m-p/425405#M428192 andyirving 2005-11-22T20:47:41Z https://community.cisco.com/t5/network-access-control/mac-based-security-managed-centrally-acs-or-whatever/m-p/425406#M428193 <HTML><HEAD></HEAD><BODY><P>This will depend if you can get the switch to issue some form of AAA request prior to allowing packets to flow from the newly connected port. </P><P></P><P>If you can then it should be possible to get ACS to perform some form of MAC authentication.</P><P></P><P>But the first problem is getting the switch to perform some kind of authetnication using RADIUS or T+.</P><P></P></BODY></HTML> Wed, 23 Nov 2005 09:11:22 GMT https://community.cisco.com/t5/network-access-control/mac-based-security-managed-centrally-acs-or-whatever/m-p/425406#M428193 andrewclymer 2005-11-23T09:11:22Z