Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
304
Views
0
Helpful
1
Replies

Help with inconsistant MAC authentication on AP1200's

tpelley
Level 1
Level 1

‎10-10-2006 04:48 AM - edited ‎07-04-2021 01:17 PM

I am troubleshooting an issue with a wireless LAN that consists of 9 identical 1200 series AP's. All 9 AP's are configured the same except for IP and Hostname. There are 74 Wireless users at this site, they are required to authenticate to the AP's using a WEP key + MAC. All 74 MAC addresses have been entered into the access points manually from the command line.

The problem we are having is that as the number of MAC address has grown, an increasing number of the clients can no longer authenticate. They associate OK but are unable to authenticate and pick up an IP address. It also seems that the further down the list of MAC addresses in the list the client is, the more likely the problem is to happen.

Example: New Acer laptop MAC address is entered into the local database and appears at the end of the list. This laptop will not authenticate. when this MAC is entered in a fashion that places it at the top of the list, it will authenticate without any problems. This may or may not cause one of the previously entered MAC's which was authenticating to loose its ability to authenticate as it has now been bumped further down the list of MAC addresses in the local database.

I have read that MAC addresses should be entered using the CLI due to an issue that only allows the first 43 MACS to be entered from the GUI. We have been entering all MACS from the CLI as follows:

username 00aa11bb22cc password 00aa11bb22cc

username 00aa11bb22cc autocommand exit

All units are running IOS 12.3(2) JA2

Labels:
0 Helpful
1 Reply 1

a.kiprawih
Level 7
Level 7

‎10-15-2006 04:03 PM

Based on experienced, if more wifi clients exists in the network, it's recommended to use external authentication database like Cisco Secure ACS.

Like you mentioned, web-brower only allows you to enter the first 43 MACs. If you have more than that, you need to use CLI which support max of 2,048 MACs. But to have hundreds of MACs in every APs is a huge task, and less practical.

With Cisco Secure ACS, it allows you to eliminate AP's authentication-related issues, managed the user database and helps network admin to manage the wifi services efficiently.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00805e7a13.shtml

HTH

AK

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card