4-35
Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-03
Chapter 4 Security Setup
Setting Up MAC-Based Authentication
Step 3
Follow this link path to reach the Address Filters page:
a.
On the Summary Status page, click
Setup
.
b.
On the Setup page, click
Address Filters
under Associations.
Step 4
Select
yes
for the option called
Is MAC Authentication alone sufficient for a client
to be fully authenticated?
Step 5
Click
Apply
. When you enable this feature, the access point follows these steps
to authenticate all clients that associate using open authentication:
a.
When a client device sends an authentication request to the access point, the
access point sends a MAC authentication request in the RADIUS Access
Request Packet to the RADIUS server using the client’s user ID and password
as the MAC address of the client.
b.
If the authentication succeeds, the client joins the network. If the client is also
using EAP authentication, it attempts to authenticate using EAP.
c.
If MAC authentication fails for the client, the access point allows the client
to attempt to authenticate using EAP authentication. The client cannot join
the network until EAP authentication succeeds.
Enabling MAC-Based Authentication in Cisco Secure ACS
Cisco Secure Access Control Server for Windows NT/2000 Servers (Cisco Secure
ACS) can authenticate MAC addresses sent from the access point. The access
point works with ACS to authenticate MAC addresses using Secure Password
Authentication Protocol (Secure PAP). You enter a list of approved MAC
addresses into the ACS as users, using the client devices’ MAC addresses as both
the username and password. The authentication server’s list of allowed MAC
addresses can reside on the authentication server or at any network location to
which the server has access.
Follow these steps to create a list of allowed MAC addresses in Cisco Secure
ACS:
Step 1
On the ACS main menu, click
User Setup
.
Step 2
When the User text box appears, enter the MAC address you want to add to the
list.