Solved: Re: Aironet 1100 Mac Authentication Issues/Problems

pedroclaro2002 · ‎11-16-2004

I have two aironet 1100 access points and i require to activate the mac authentication. First of all, I managed to do all the things I needed (add/remove mac addresses) using the web interface. After that, I tried to use the telnet console. Then the problems emerged. I'm not using or considering using any radius server or other type, just the local AP database. How can I add a new user to the local database? I've tried to use the comand "username mac_address 7 password .... " but then I require a encrypted password which I don't really know. And how can I remove a username (macaddres) from the local database? I don't see any reference to this in any of the Cisco manuals. Sorry for the newbie question but I'm quite lost. Please advise.

paddyxdoyle · ‎11-17-2004

Hi,

The following should allow you to add local MAC address authentication on your AP using the CLI

…on Access Point using Local List

username password 0

username autocommand exit

aaa authentication login local

interface Dot11Radio0

ssid

vlan

authentication open mac-address

If you want to remove a MAC address from the CLI you need to negate the command:

no username password 0

If you were to use local authentication of MAC addresses and then fall back to a RADIUS sever if the MAC address wasn't available locallly you can use:

…using Authentication Server if MAC address not found in Local List

username password 0

username autocommand exit

aaa authentication login local group

aaa group server radius

server auth-port 1645 acct-port 1646

radius-server host auth-port 1645 acct-port 1646 key 0

interface Dot11Radio0

ssid

vlan

authentication open mac-address mac_methods

and similarly if you only want MAC address authentication to be provided via a RADIUS server you would use:

…using Authentication Server only

aaa authentication login group

interface Dot11Radio0

ssid

vlan

authentication open mac-address

aaa group server radius

server auth-port 1645 acct-port 1646

radius-server host auth-port 1645 acct-port 1646 key 0

HTH

Paddy

View solution in original post

dixho · ‎11-16-2004

Go to the GUI. Click on "SECURITY" and "Advanced Security". You can define the MAC address there.

pedroclaro2002 · ‎11-17-2004

Thanks for answering my post, but I would like to configure the access point using telnet (console) commands, not the GUI, since I'm developing some telnet scripts. This way I can add/remove mac addresses in an automatic way.

paddyxdoyle · ‎11-17-2004

Hi,

The following should allow you to add local MAC address authentication on your AP using the CLI

…on Access Point using Local List

username password 0

username autocommand exit

aaa authentication login local

interface Dot11Radio0

ssid

vlan

authentication open mac-address

If you want to remove a MAC address from the CLI you need to negate the command:

no username password 0

If you were to use local authentication of MAC addresses and then fall back to a RADIUS sever if the MAC address wasn't available locallly you can use:

…using Authentication Server if MAC address not found in Local List

username password 0

username autocommand exit

aaa authentication login local group

aaa group server radius

server auth-port 1645 acct-port 1646

radius-server host auth-port 1645 acct-port 1646 key 0

interface Dot11Radio0

ssid

vlan

authentication open mac-address mac_methods

and similarly if you only want MAC address authentication to be provided via a RADIUS server you would use:

…using Authentication Server only

aaa authentication login group

interface Dot11Radio0

ssid

vlan

authentication open mac-address

aaa group server radius

server auth-port 1645 acct-port 1646

radius-server host auth-port 1645 acct-port 1646 key 0

HTH

Paddy

pedroclaro2002 · ‎11-17-2004

Great answer paddy, thanks. I'm going to try your list of commands right now. I never thought removing users by using the prefix "no".

paddyxdoyle · ‎11-17-2004

No problem.

I have been making notes regarding MAC authentication as its useful to know how to configure from the CLI, i rarely use the GUI to be honest.

I've used all three of the CLI methods for MAC authentication on Aironet 350 and 1200's without any issues.

Thanks

Paddy