Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2081
Views
0
Helpful
1
Replies

802.1x MAB

Go to solution
tedauction
Level 1
Level 1

‎04-03-2017 01:40 PM - edited ‎03-08-2019 10:02 AM

Hello, I am trying to use wired 802.1x authentication from my switches, authenticating against Windows NAS server.

Is anyone else doing this using the Windows object class ' ieee802Device' to store the MAC addresses ?

...or does it only work if you use AD user accounts as MAC address containers ? (then there is a fine grained  password problem ?)

Thank you.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Austin Sabio
Level 4
Level 4

‎04-04-2017 09:31 AM

True. according to cisco documentation as of 2011 its possible with object class 'ieee802Device

"Starting with Microsoft Windows Server 2003 Release 2 (R2) and Windows Server 2008, Microsoft Active Directory provides a special object class for MAC addresses called ieee802Device. By using this object class, you can streamline MAC address storage in Active Directory and avoid password complexity requirements."

http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/config_guide_c17-663759.html

http://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/trustsec/whitepaper_C11-717280.pdf

Apparently, that was not the case below.  

https://supportforums.cisco.com/discussion/11213796/8021x-mab-microsoft-nps-ieee802device-object-group

https://social.technet.microsoft.com/Forums/windowsserver/en-US/592048e4-930a-4f04-96b5-120ef3c4dbd6/8021x-microsoft-nps-ieee802device-object-group-mac-authentication-fallback?forum=winserverNAP

I hope this helps. Good luck!

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Austin Sabio
Level 4
Level 4

‎04-04-2017 09:31 AM

True. according to cisco documentation as of 2011 its possible with object class 'ieee802Device

"Starting with Microsoft Windows Server 2003 Release 2 (R2) and Windows Server 2008, Microsoft Active Directory provides a special object class for MAC addresses called ieee802Device. By using this object class, you can streamline MAC address storage in Active Directory and avoid password complexity requirements."

http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/config_guide_c17-663759.html

http://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/trustsec/whitepaper_C11-717280.pdf

Apparently, that was not the case below.  

https://supportforums.cisco.com/discussion/11213796/8021x-mab-microsoft-nps-ieee802device-object-group

https://social.technet.microsoft.com/Forums/windowsserver/en-US/592048e4-930a-4f04-96b5-120ef3c4dbd6/8021x-microsoft-nps-ieee802device-object-group-mac-authentication-fallback?forum=winserverNAP

I hope this helps. Good luck!

0 Helpful
Customers Also Viewed These Support Documents