https://community.cisco.com/t5/network-access-control/802-1x-mac-based-authentication/m-p/382468#M433354 <HTML><HEAD></HEAD><BODY><P>If the ACS will do Mac authentication, I am confused as to why this would not solve the rouge AP problem. If any device was plugged into the switch that was not configured for access in the ACS server, could you not force it into some sort of guest vlan?</P></BODY></HTML> Thu, 21 Oct 2004 00:47:43 GMT Billy Dodson 2004-10-21T00:47:43Z https://community.cisco.com/t5/network-access-control/802-1x-mac-based-authentication/m-p/382466#M433352 <P>We have Cisco ACS 3.3 is there a way to do authentication based on mac address, instead of username and password? We are looking to stop things such as user purchased access points and what not. Any info would be great.</P> Sun, 10 Mar 2019 20:51:38 GMT https://community.cisco.com/t5/network-access-control/802-1x-mac-based-authentication/m-p/382466#M433352 Billy Dodson 2019-03-10T20:51:38Z https://community.cisco.com/t5/network-access-control/802-1x-mac-based-authentication/m-p/382467#M433353 <HTML><HEAD></HEAD><BODY><P>The ACS will do Mac authentication, but it will not solve the rouge AP problem. To accomplish MAC authentication it is neccessary to configure the ACS and the AP. Any attemps made to connect through an AP that has been configured for MAC authentication will not be allowed unless they hav an account on ACS. As for controlling the rouges, I can only suggest using port security on your swtiches.</P></BODY></HTML> Wed, 20 Oct 2004 19:07:11 GMT https://community.cisco.com/t5/network-access-control/802-1x-mac-based-authentication/m-p/382467#M433353 scottosan 2004-10-20T19:07:11Z https://community.cisco.com/t5/network-access-control/802-1x-mac-based-authentication/m-p/382468#M433354 <HTML><HEAD></HEAD><BODY><P>If the ACS will do Mac authentication, I am confused as to why this would not solve the rouge AP problem. If any device was plugged into the switch that was not configured for access in the ACS server, could you not force it into some sort of guest vlan?</P></BODY></HTML> Thu, 21 Oct 2004 00:47:43 GMT https://community.cisco.com/t5/network-access-control/802-1x-mac-based-authentication/m-p/382468#M433354 Billy Dodson 2004-10-21T00:47:43Z https://community.cisco.com/t5/network-access-control/802-1x-mac-based-authentication/m-p/382469#M433355 <HTML><HEAD></HEAD><BODY><P>Yes you are right, I misunderstood you. I was under the impression that you were talking about doing MAC based authentication on your AP's, not the switches. That is why I made mention to port security. </P><P></P><P>The 2 options would be standard port security or 802.1x port security if you switches support this. </P><P></P><P>In order to use the 802.1X port security, your switch would need to support it and the clients connecting to the switch would require a supplicant (EAP-TLS, EAP-TTLS, etc) in order for them to work, not by MAC address alone. </P><P></P><P>You can configure standard port security on the switch which will accomplish your intentions and not even need to use the ACS server. </P><P></P><P>standard port base security by MAC:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_guide_chapter09186a008007d3ce.html" target="_blank">http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_guide_chapter09186a008007d3ce.html</A></P><P></P><P>802.1x port based security:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00801a6c72.html" target="_blank">http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00801a6c72.html</A></P></BODY></HTML> Thu, 21 Oct 2004 13:07:09 GMT https://community.cisco.com/t5/network-access-control/802-1x-mac-based-authentication/m-p/382469#M433355 scottosan 2004-10-21T13:07:09Z