
MAC Authentication with ACS Server

carijit
Level 1

Hi,

We have a list of trusted MAC addresses in Excel format. We want to implement security in such a way that whenever a user connects to the network, the ACS server will look in this list to see whether the MAC exists or not. If it exists in the list, it will then go for PEAP authentication; otherwise it will not allow the device on the network.

Port-based security won't be an option here as the users are wireless.

I will highly appreciate any help with a solution here.

Thanks

Arijit

6 Replies

smalkeric
Level 6

I really don't think there is a way of doing this.

I'm not too strong on ACS so I won't say that this is possible, but a little bell ringing at the back of my mind keeps saying it is. Regardless of that, since you say the users are wireless, you can put a MAC filter on the AP that will restrict based on MAC first; then, if they match up on the AP MAC list, they are passed on to the ACS for PEAP authentication. This puts a little more burden on the AP, but you should be fine as long as you are not oversubscribed.

Here is the link on how to do this on an AP1200

http://www.cisco.com/en/US/products/hw/wireless/ps430/products_installation_and_configuration_guide_chapter09186a0080148696.html#1034987

Hope this helps.

Please remember to rate all replies

markedavis
Level 1

You can have ACS do the MAC authentication but I don't believe you can do it with a .xls or .csv file.

To add the MAC addresses to ACS just add a new user with the username being the MAC Address and the Cisco Secure password also the MAC address. I used this with WEP before moving to EAP.

Bingo. I knew a NetPro would chime in sooner or later on how this could be done.

I didn't think that the original poster wanted to reference the .xls or .csv files though. I thought they were saying that they have this information in that format and wanted to know how it could be used (putting the MAC address in an access list etc.) I hope the poster didn't take my reply to mean that the AP could somehow reference an external file like that.

Hi,

Thanks for the responses. Adding MAC addresses to each and every AP won't be a feasible idea because we have around 100 APs with another 300 trusted MAC addresses.

The way I was thinking of implementing it was that we would have to convert the list (.csv file) of trusted MAC addresses to an MS Access database and create an external database in the ACS server with ODBC connectivity. Since that .csv file already has MAC addresses, the ACS server will talk to the Access database via ODBC and look for the MAC authentication. Theoretically it seems fine, but I was trying to find out whether someone has tried this practically or not.

If someone has, I would appreciate it if you would please share your experience with us.

Thanks Again,

Arijit

I know budget may be an issue, but with over 100 APs you should take a hard look at Cisco's Wireless LAN Solution Engine. http://www.cisco.com/en/US/products/sw/cscowork/ps3915/index.html

You can manage your APs from a central point and only need to make config changes in one place and push it out to every AP.
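As an added example (not code from any poster in this thread or from Cisco), here is one way to turn the spreadsheet export discussed above into the "username is the MAC, password is the MAC" entries described in the reply about adding users to ACS. The input column name `mac`, the sample rows, and the output form (12 lowercase hex digits, which must match whatever format your APs send) are assumptions.

```python
import csv
import io
import re

HEX12 = re.compile(r"^[0-9a-f]{12}$")

def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if raw is not a MAC address."""
    mac = re.sub(r"[\s:.\-]", "", raw).lower()
    return mac if HEX12.match(mac) else None

def build_user_rows(csv_text, column="mac"):
    """Turn a trusted-MAC CSV into (username, password) rows plus a reject list."""
    users, rejected, seen = [], [], set()
    # start=2: line 1 of the file is the header row
    for line_no, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        raw = (row.get(column) or "").strip()
        mac = normalize_mac(raw)
        if mac is None:
            rejected.append((line_no, raw, "not a MAC address"))
        elif int(mac[:2], 16) & 0x01:
            # Group bit set: never a valid client station address
            rejected.append((line_no, raw, "multicast/broadcast address"))
        elif mac in seen:
            rejected.append((line_no, raw, "duplicate"))
        else:
            seen.add(mac)
            users.append((mac, mac))  # username and password are both the MAC
    return users, rejected

# Constructed sample input standing in for the exported spreadsheet
SAMPLE_CSV = """owner,mac
laptop-01,00:11:22:AA:BB:CC
laptop-02,0011.22aa.bbcd
laptop-03,00-11-22-aa-bb-cc
printer-01,00:11:22:AA:BB
handheld-01,FF:FF:FF:FF:FF:FF
"""

if __name__ == "__main__":
    users, rejected = build_user_rows(SAMPLE_CSV)
    for username, password in users:
        print(f"{username},{password}")
    for line_no, raw, reason in rejected:
        print(f"line {line_no}: {raw!r} rejected ({reason})")
```

Reviewing the reject list before import keeps typos and duplicate entries in the spreadsheet from silently becoming accounts.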
