cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
635
Views
0
Helpful
4
Replies

Mac-Authen in 1141 AP not working with WPA!

praetoleiad
Level 1
Level 1

I want to have my stand-alone 1141 to do Mac-Authentication locally and have WPA running to let the AP run in 11n mode but it is not running. I have tried having an No Encr and Mac-Authentication and it works.

I have read an article that WPA and Mac-Authentication don't work together. Is it right?

Please enlighten me on this.

2 Accepted Solutions

Accepted Solutions

Nicolas Darchis
Cisco Employee
Cisco Employee

Hi,

indeed the simplest is to have WPA and mac filters. Mac authentication allows to authenticate mac addresses against radius. Mac filters is an access list with mac addresses stored on the AP itself.

ap(config)#dot11 association mac-list ?
  <700-799>  Ethernet address access list

You can then configure an ACL (with number between 700 and 799) to go with that.

Regards,

Nicolas

View solution in original post

No.

Note that it's not an access list applied on the radio interface. It's a dot11 association maclist as the command says. So it filters association requests only. So it is only applied to 802.11 association request frames.

Regards,

Nicolas

View solution in original post

4 Replies 4

Nicolas Darchis
Cisco Employee
Cisco Employee

Hi,

indeed the simplest is to have WPA and mac filters. Mac authentication allows to authenticate mac addresses against radius. Mac filters is an access list with mac addresses stored on the AP itself.

ap(config)#dot11 association mac-list ?
  <700-799>  Ethernet address access list

You can then configure an ACL (with number between 700 and 799) to go with that.

Regards,

Nicolas

MAC Filters, will this not affect AP's performance? coz as per understanding, each packet will be inspected and be compared to the access-list made.

No.

Note that it's not an access list applied on the radio interface. It's a dot11 association maclist as the command says. So it filters association requests only. So it is only applied to 802.11 association request frames.

Regards,

Nicolas

that's helpful sir! thank you..

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: