Using mac-adresses for authentication

How do we configure our controllers/radius-servers to use MAC-addresses instead of authenticate against a certain group in the AD? We would, if possible, like to combine these two ways of authentication in on SSID.
We're running 7.0.116.0 on our controllers (5500-series) and our radius-servers are one W2k8 and one W2k3.

On wireless we might manage to avoid MAC-authentication altogether. The possible exception is about 20 devices which can handle our network as it is today but where all the default policies on our domain causes a lot of extra work.
On the wired network we haven't got any protection what so ever today. We have now started the process of separating out critical equipment and try telling a CT-scanner (I work at a hospital) that it's got to use certificates ;-) The plan for all regular computers is to use the same (though slightly modified) policy as we're using for wireless today but that leaves all the "weird" medical devices which don't have antivirus, can't handle certificates and generally don't do security... In the end the medical equipment will end up on one set of vlans and the regular computers on another with a firewall regulating access.
Since we're starting with the wireless I asked here :-)

Similar Messages

  • I want to use Mac Mail for my work email address, which containts multiple outbound options (i.e. hr@, me@ etc). Is there a way to set up Mac Mail to have an account with multiple outbound addresses rather than adding in multiple accounts?

    I want to use Mac Mail for my work email address, which containts multiple outbound options (i.e. hr@, me@ etc). Is there a way to set up Mac Mail to have an account with multiple outbound addresses rather than adding in multiple accounts?

    This sounds like the age old problem with keychain & Safari. I don't know of a way to solve it without using something like 1Password.
    The iOS app has it's own built in browser, so it has more control over what gets autofilled. Safari on OS X has an 1Password extension that handles account selection & autofill etc.
    Keychain is great in principle, but it quickly falls down when you need tight integration with many ID's & different use cases (work, home etc).
    I'd suggest you submit feedback to Apple about your thoughts. I did so years ago about this issue & this is how far we have come (back to the point where me.com synced passwords) :^)
    http://apple.com/feedback/macosx.html
    Other tools like lastpass or keypassx may also help if you want to truly segregate password storage, but that doesn't fix autofill, the way around that issue is to dedicate one browser for work.

  • How can I use accounting status for authentication on ACS?

    Dear all,
    I'm using ACS 5.5 to authenticate dot1x users on my switches.
    I have enabled accouting reports on my switches. I can see the accounting reports abut the net usages of every user on the monitring secton.
    However, I was wondering if there is any option to use this accounting reports on authentication policies t limit the users' net usage?
    I use the ACS for authenticating my hotspots and I haveno access on limiting the net usage there too.
    If there is any solution, it wuld help me a lot.
    Thanks

    Hi Masood,
    Please go through the following path that describes the reports available when you select Monitoring and Reports, launch Monitoring and Report Viewer, then select Monitoring and Reports > Reports > Catalog.
    For more information about managing the reports in ACS 5.5, please go through the following link:
    http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-5/user/guide/acsuserguide/viewer_reporting.html#wp1121647

  • After time capsule 7.6 Firmware upgrade I can't set up Access Control / Timed Access using mac adresses.

    After time capsule 7.6 Firmware upgrade I can't set up Access Control / Timed Access using mac adresses.
    I have a Time Capsule and an Airport express and when I change access control parameters on whatever one of those
    two devices through Airport Utility its duplicating the same setup on the other device !
    What a mess !
    I had to choose "Not Enabled" in the Access Control stup window.
    Has anyone experienced same problem ?
    Jean.

    I did downgraded firmware to 7.5.2 ...
    and the Acess Control Setting from Airport Utility is back to normal behaviour.
    Jean.

  • How can I find my Mac Adress for the Ethernet Port from a Apple Airport Express Device ?

    How can I find my Mac Adress for the Ethernet Port from a Apple Airport Express Device ?

    You can only locate, lock or erase your device when it is logged into iCloud and 'Find My Phone' is enabled, additionally the device will need to be switched on and connected to a wifi or cellular network.
    Unfortunately, you cannot activate iCloud or 'Find My Phone' remotely.

  • Using Mac mini for storage

    Hello Folks,
    Quick question: can I use the mac mini for storage only? I have loads of movies, music and tv shows that I want to store.
    How would this work if at all possible?
    Alternative advice on EHD that I should rather use?
    Thanks!
    JDT

    Yes, and target disk mode, or firewire over IP or setting it up as a file server are all possibilities. But given there are faster more capacious hard drives for less, I would get that instead unless there is some feature of the Mac Mini that a simple hard drive can't do that you need. I.e. Front Row, Media Central or other software can be used to see your data on a TV. An external hard drive attached to your desktop Mac together with an AppleTV can do the same thing but the media formats are more limited.

  • Use different portals for authentication and collaboration

    Hello,
    I would like to request your help on a portal issue.
    I have installed a dual stack(ABAP+Java) Enterprise Portal (EP 6 - NW 7).
    The  ABAP stack is required in order to implement user collaboration.
    However, another requirement is that the users be authenticated through
    an LDAP server (Microsoft Active Directory 2008).
    Because of the ABAP stack, it is not possible to connect the portal to the LDAP.
    In order to implement LDAP authentication, another EP instance was installed on the
    same machine which has only Java stack and not ABAP.
    This Java-only EP was successfully connected to the LDAP directory.
    My question is IF and HOW it is possible to have the users login to the ABAP+Java portal
    using the Java-only portal to authenticate.
    Regards,
    Kontogianni Eleni

    Hi Craig,
    this is not really our case. What we want to achieve is to be able to use one portal (Java only) for user authentication using the LDAP directory and the other one for all other portal services.
    We tried to implement a solution similar to the one that you mentioned but there were some problems. We would have to redirect the login page of the ABAP+Java portal to the login page of the Java-only portal. Also the Java only portal logon page would have to redirect to the other portal after successfull login.
    It would require a great deal of programming in order for the users to be able to work in one portal and be redirected to the other portal and back only for authentication.
    The solution of federated portals seams more feasible.
    Regards,
    Eleni

  • Can we still use PEAP-MSCHAPV2 for authenticating to a WPA2-Enterprise network?

    L.S,
    For authenticating to a BYOD wireless network a lot of companies use WPA2-Enterprise connected to a Microsoft IAS/NPS server to authenticate against Active Directory. There seems to be a way to intercept this wireless traffic using a roque accesspoint using the same (company) SSID-name and tools like freeradius-WPE and cloudcracker.
    If the BYOD client doesn't check the certificate provided by the fake radius server, the MSCHAPv2-negotiation can be discovered and the hacker will get the username AND hashed password which can be lookup'd by rainbow tables sites like cloudcracker.
    Is there still a safe way to deploy AD-authentication to BYOD clients?
    Kind Regards,
    Arjen

    I have tested the WPA2-enterprise/PEAP-MSCHAPv2 exploit this week placing a laptop in my car on the company parking lot with a Kali image, using hostap and freeradius-wpe configured with the company SSID. It was very easy to find out the mschapv2 challenge/responses of a number of android/windows phones that there just walking past my car. Also iPhone has a bad WPA2-enterprise implementation (see: http://research.edm.uhasselt.be/~bbonne/docs/robyns14wpa2enterprise.pdf), so bye bye WPA2-enterprise/PEAP-MSCHAPv2.
    Wonder what other (large) companies are using for their BYOD wireless networks! EAP-TLS using certificate sounds like the only feasible option, however, we are afraid that the enrolment of certificates to the BYOD-clients will be a total disaster. I heard stories that some android phones lose their client certificate after a reboot :(

  • Using Mac Mail for Gmail - controlling which folders to sync

    Using Mac Mail app for my Gmail, is there a way to control which folders I'm syncing with?  I have 90k+ archived messages, which I don't need to have on my desktop.  Is there a way to keep that from syncing?
    iMac 27"
    Updated to latest version of Mavericks.

    Go into the Gmail web portal and open Settings. Go to Labels tab and set it to not show those folders in IMAP.

  • Using Mac-Mini for movie / TV entertainment center

    Hi all,
    Can someone steer me into right direction? I'd like to use my MacMini as my main entertainment center to view my movies, music,TV, etc. and would like to know what will I need to make viewing pleasurable? I'd like to get a 42" display. I'd also like to add 5.1 digital surround sound. I'll also be using my Mac mini for web surfing and emails. Thanks for your help
    Web dude

    I just finished my setup, and I'm quite satisfied. I bought a Mac Mini to use as the media center and bought the Elgato EyeTV 250+ to get digital television over the antenna, which also allows you to use your mac as a DVR. I send the video to a Sony projector via DVI to HDMI cable, and the audio goes to my old surround sound receiver via the headphone jack to RCA. If you don't have a receiver yet, I'd get one that has optical audio input since the headphone jack on the mini also has optical out. I also use a firewire external hard drive to store video.
    I continue to use my DVD player to play DVD's instead of the mini, simply because if there are any scratches (especially on rentals) the mini doesn't work through them as well as my DVD player. I plan on ripping my collection to the external drive so that I don't have to deal with disks at all though.
    For the keyboard and mouse, I got the logitech dinovo mini keyboard because it has a trackpad integrated in the keyboard. While some of the buttons lack functionality, I will probably use ControllerMate to program them as well as difficult keyboard shortcuts. The other nice thing is if you have a "learning" programable remote because you can program it with the apple remote signal as well as the EyeTV remote and reduce the amount of clutter on the couch.

  • Used Mac Options for AppleCare

    If I purchase a used mac book, and the factory warranty is still in effect, can I purchase applecare?

    Yes.

  • Can I use Mac Pro for a server?

    I hope this is the right place to ask this....
    I have an older Mac Pro G5 (10.5.8) Desktop.  I cannot update it past Leopard. So now I have a newer MacBook Pro.  I was wondering if I could utilize my old Mac Pro as some sort of "server"?
    It has the origninal smaller drive but I added an additional 1TB SATA drive that is just sitting there doing nothing.
    I rip a lot of movies to my MacBook Pro so I am already out of storage on it.   I keep moving movie files to my Time Capsule (1TB) in which I have partitioined off 300MB to use for media storage.
    I have an Apple TV that I connect to my MacBook Pro but when I'm gone, the family can't use the ATV.
    So, all that being said, can I somehow set up my older Mac Pro to use as a "server" and move all my media/photos/videos/songs to?  Or should I just copy everything to the 1TB drive on the Mac Pro and just access it through ATV like I do my MBP?
    Any suggestions would be appreciated.
    Thanks,
    Ehren

    You absolutely could use your old Mac Pro as a server, however you still won't be able to update it passed 10.5.8.
    That said, you should be able to store your media on it, and share it to your AppleTV through iTunes, barring any incompatibilites with the older software. I haven't looked into the system requirements for home sharing in a while. You might want to take a quick check and make sure everything is good to go.

  • Want to use Mac's for public access in public library -- NEED HELP please.

    We have a grant to replace all of the computers in our small town public library. I would like to be able to consider Macintosh computers (would Love to, actually) but have not been able to find any information about how to do that.
    Biggest issue is "access management". We have a system for PCs that logs on a patron by using their library card number and a PIN. That system then allots them an hour or two to use the computer, times them, warns them when time is running out and so on, and it also manages printer access and charges a few cents per page to print.
    We need that for Macs. The software maker gets all attitude about "we have 2000 libraries with PC's and Zero with Macs." ARGH!
    Help help help.
    Also... please point me to anyone at Apple that knows what a public library is and would like to help us overcome this attitude problem.
    We have a grant and can buy the computers. We just need some help to get it done.
    Thanks!

    This article:
    http://docs.info.apple.com/article.html?artnum=304035
    And the fact there is Smart Card access in:
    http://www.apple.com/macosx/features/300.html#security
    Suggest you may be able to do this with the operating system itself. Apple Support has specialists you can request to speak to about how to setup such systems when you call them:
    http://www.apple.com/contact/phone_contacts.html
    I've never setup such a system, but given that other features I've been able to ask about and get specialists to help me, suggest that's probably the most logical course to go.
    Message was edited by: a brody

  • Using Mac Word for Windows software using Parallels

    Hello,
    I'm using Parallels. I'm running a Windows program. The program has an export to Word function. I do not have Word on Windows, I just have  MS Office on the Mac side. When I Export to Word in Windows, it says I need to have Word installed. Is there a way to have my Windows software utilize Word using Office for Mac?
    Thanks!

    Sorry, but no. Save the file on your Mac OS X volume if you have third-party software on Windows that enables you to write to a Mac drive. Or find out if you really need to have Word installed in order to export a file from your program to a Word compatible file.

  • 802.1x Mac-Adress Based Authentication

    I am wondering if we are going to see or now have the ability to authenticate hosts on the lan with something other than a Username / Password? I am mostly concerned with ports on my network that the end device is a non 802.1x compliant device. Anyone have any insight as to what others are doing? Currently i am running ACS 3.3.2 and I am very succesful in deploying 802.1x to ports on my LAN, however we run a mix of unix based devices which are vendor supported and printers are another source of concern.

    We had pretty good luck using a Cold Fusion front end that forces users to authenticate with their AD credentials. It pulls the MAC address and host name and user/machine details and puts them in an ODBC database.
    We modified the sample stub routine to have the CSDB stub routine add the MAC to the local database in the PAP field.
    Kind of a nice compromise of identity and machine based authentication without the complexities of PEAP/EAP-FAST etc.

Maybe you are looking for

  • Help with IF and SELECT

    Greetings, I have a program where some users can request awards for themselves or other users. Only approved people can request for others. I have a table called OnBehalf that has the UserID of approved users. I have a vaiable called same, if it is =

  • Where html pages located, which created by using APEX?

    Hi, I am using APEX 2.1(Oracle XE) to develop an app, would like to know where html pages stored? In other word, how can I put the existing html pages into APEX web server? I don't want to run two web servers on same computer. This question may relat

  • Database Rostore - Very Urgent.

    Hi guys, Thanks in advance for help, I'm new to Oracle. Our clinet has given us the some backup files of its Oracle 8i- CTL1ORCL.ORA INIORCL.ORA LOG1ORCL.ORA And many .ORA files 1 big .DBF file I want to restore them. How to go about it? 1 more quest

  • How to develop movie media player

    Hi I would like to develop the media player with Play, Pause, Stop, rewind, fast forward and show time indicator for my school project. Something like window multimedia play but simple with basic function. Please help anyone. Eagleone

  • Inbox-CPS not clearing out .wif files

    I just upgraded ZAM 7.5 to IR8 and ever since the update, the .wif files are just piling up in the inbox-cps folder. Has anyone else experienced this with IR8?