Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1015
Views
0
Helpful
5
Replies

Cisco Aironet 1600 (AP) - problem with Mac-Authentication

PatrykIT
Level 1
Level 1

‎10-02-2023 03:16 AM - last edited on ‎10-02-2023 04:09 AM by Community Manager

Hello
We encountered an unusual problem with our Cisco Aironet 1600 access point device.
Our goal is to enable authorizations using mac-filtering.
When entering the Access point in Security -> Advanced Security there is a 'Local MAC Address List' which is supplemented by our already defined MAC addresses that will have access to this access point.

MACS_Cisco_IOS_Series_AP.png

 

Then, in SSID Manager, select the appropriate network (from the SSID list), select the 'Open Authentication' option with the 'With Mac Authentication' option.

_Cisco_IOS_Series_AP.png

And unfortunately, here is our problem... when this option is enabled, the user tries to connect... it asks him for a login and password :).
When the option is disabled, it only asks him for the WPA Pre-shared Key.

Has anyone ever encountered such a problem?
The goal is for the user to be able to enter the pre-shared key as usual, but for the AP to allow only those devices that are defined on the mac-addresse's list mentioned above.
I've also attached few screen-shot that maybe could make a much clear point of what we've set.

Thank you for all your time and help

AP_AUTH.pngAP.png

 

Exact model of our AP / Cisco AIR-SAP1602I-E-K9

Labels:
0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎10-02-2023 04:44 AM

so what version of code running, what mode the AP running ?

you are looking fall back mechanish, if the PSK fails and you like to use MAC authentication  ?

check some guide lines :

https://www.cisco.com/c/en/us/td/docs/wireless/access_point/15-3-3/configuration/guide/cg15-3-3/cg15-3-3-chap11-authtypes.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

PatrykIT
Level 1
Level 1
In response to balaji.bandi

‎10-02-2023 05:23 AM

It's

 Product/Model Number:AIR-SAP1602I-E-K9
System Software Version:15.2(2)JB

 

I want the main authorization to be authorization via PSK along with MAC authorization.
This means that when the client connects and is asked for a password and provides it (correctly), but it is not on the white list, it will not be allowed.

If such a thing is impossible, I would like it to be only authorization via mac-address (without PSK enabled).

I also read the guide you linked and performed the steps according to the manual, here is the quote: "If you do not have a RADIUS server on your network, you can create a list of allowed MAC addresses on the access point's Advanced Security: MAC Address Authentication page. Devices with MAC addresses not on the list are not allowed to authenticate."

0 Helpful

Rich R
VIP
VIP
In response to PatrykIT

‎10-02-2023 04:51 PM

In theory I think it should work but the problem you have is that the AP and the software are both already past end of support: https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1600-series/eos-eol-notice-c51-737506.html

You could try upgrading to the last release of software 15.3(3)JF15:
https://software.cisco.com/download/home/284366503/type/284180979/release/15.3.3-JF15
but there's no guarantee that will solve the problem, and there are known bugs in the GUI in that release (which will never be fixed).

I'd suggest rather checking your config on the CLI because the autonomous AP IOS was known to have some bugs in the GUI interface.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

PatrykIT
Level 1
Level 1
In response to Rich R

‎10-04-2023 12:54 AM

I'll come back with an answer of update with the result.
If this doesn't fix the problem, I'll do it from the CLI and let you know if I can solve it this way.

Perhaps someone else could use the information if they have simillar problem.

0 Helpful

PatrykIT
Level 1
Level 1
In response to PatrykIT

‎10-12-2023 01:14 AM

Unfortunately, I was unable to update due to the inability to download the update from the manufacturer's website, as a license is required? to be able to download it.
However, when it comes to CLI, I was not able to click it to achieve the intended effect.
Unfortunately, the ticket is closed as unresolved. All that remains is to purchase a new access point.

Thank you for your help.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card