07-11-2012 03:26 AM - edited 03-10-2019 07:17 PM
Hello,
Could you recommend how I can accomplish the following task? I need to configure ACS 5.2 to authenticate WiFi users.
There are two types of users: domain users and non-domain users. I want to authenticate the domain users with PEAP-MSCHAPv2.
The non-domain users I want to authenticate by host lookup (MAC).
The question is how to correctly organize the access policy. Do I need several access services, or will one access service be enough?
Thanks in advance.
07-11-2012 04:24 AM
Hi,
Your understanding is quite close; however, for MAB to work with wireless users, you will have to turn on the option for MAC filtering for the SSID. This setting is global and will always be triggered, unlike port-based authentication, where you can set an authentication sequence.
You can create one service policy, and within that you can have multiple authorization policies. For the identity settings of this policy you will have to create an identity store sequence so that either AD is used first and internal hosts second, or vice versa. For the identity setting you will have to set the flag for user not found to continue.
Let me know if that works.
Thanks,
Tarik Admani
Please rate if helpful!
07-12-2012 02:57 AM
Anatoly Fedchik wrote:
Hello,
Could you recommend how I can accomplish the following task? I need to configure ACS 5.2 to authenticate WiFi users.
There are two types of users: domain users and non-domain users. I want to authenticate the domain users with PEAP-MSCHAPv2.
The non-domain users I want to authenticate by host lookup (MAC).
The question is how to correctly organize the access policy. Do I need several access services, or will one access service be enough?
Thanks in advance.
Hello,
Check out the link below for wireless authentication with the use of Cisco ACS:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008067489f.shtml
Hope this helps!
Ganesh
Rate if it helps