WPA with local MAC address authentication

Similar Messages

• MAC Address Authentication

  Guys,
  I just want to know. Can I use the MAC Address Authentication without RADIUS server to join the SSID in my Aironet 1242?
  I am using Autonomous mode.
  Thank you very much for your attention.
  Regards,
  Edwin

  Edwin,
  Yes I believe you can.
  I am not familar with all the methods available, but I have used these methods in the past.
  1. This method applies the MAC address filtering globally across all dot11 interfaces on the device.
  dot11 association mac-list 700
  access-list 700 permit mac.address address.mask
  2. This method applies the MAC address filtering on a per interface basis, and requires bridging.
  interface Dot11Radio0.x
    bridge-group x input-address-list 700
  access-list 700 permit mac.address address.mask
  3. MAC Address Authentication to the Network - This method is best described in the following document.
  http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/SecurityAuthenticationTypes.html#wp1034875
  Method #3 may not be supported in certain IOS versions on certain platforms.
  Others may know of additional methods, and/or correct any errors In the information I have presented here.
  Hope this may be of help to you.
  regards

• How can i get local MAC address?

  How can i get local MAC address or desk ID?
  thanks a lot;

  How can i get local MAC addressUse the command line command ipconfig or ipconf (depending on o.s.)
  or desk ID?Look at the desk and see if it has a number on it.
  (Untested as my desk doesn't have an id)
  thanks a lot;Your welcome.

• Cisco Aironet Remove Local MAC Address List (all)

  Hi All,
  I need to remove all MAC addresses in the LOCAL MAC Address List on a Cisco Aironet. I do not want to remove running config on the device as we have changed over to a RADIUS Server.
  Can anyone give me some advice please?

  I have found a solution, please close this forum post.

• Solaris local-mac-address setting

  Hi all,
  Having 10gR2 Clusterware and RAC on two Solaris 10 sparc, is it required to set the EEPROM settng local=mac-address? to true so that each network card will use its own MAC address instead of the server unified MAC address? Did anyone see it in Oracle documentation for Solaris?

  In order to avoid MAC address conflicts between the primary and standby NIC's, a unique
  ethernet MAC address must be assigned to each network interface (NIC) on the server. On
  Solaris, this can be done by setting the "local-mac-address?" PROM variable to TRUE (the
  default value is FALSE) on each cluster node.
  Regards
  Marc

• Computer names persistently associated with a MAC address causing problems

  Our WDS server will assign out a computer name like CompanyName###  This is great.
  The problem is sometimes WDS will assign a computer name that is getting associated with the MAC address somehow--I assume this is what's happening--and kick a computer off the domain that now has that computer name. 
  Is there some way I can disable the association of computer names with MAC addresses, or persistent computer names?

  Hi,
  How did you define your naming policy in WDS or in your answer file?
  3.1.1.4 Machine Naming Policy
  http://msdn.microsoft.com/en-us/library/dd871418.aspx
  Please also check this hotfix:
  Windows Deployment Services generates duplicate client computer names when the %MAC variable is used
  http://support.microsoft.com/kb/957051
  Hope this helps.

• Synching desktop Address Book with my .Mac Address Book. Is it possible?

  Can i sync my desktop address book with my .Mac address book?
  Thanks.

  I am also having this problem with my address book synching to .Mac. But my calendar and bookmarks have appeared with no problem so I'm not doing anything wrong -and I haven't created custom profiles either. Do you really think this is due to the lead up to Mobile Me? If so, why did the bookmarks etc sync with no problem? It is frustrating because this is what I really need to access.

• How can I sync my iPhone5 contacts with my Mac Address Book

  How can I sync my iPhone 5 contacts with my Mac Address Book?

  Are you have Lion or Mountain Lion on your Mac?

• 802.1x phone with two MAC address

  Hello,
  I have following scenario: Computers are connected behind phones, and phones are authenticating with MAB. The problem is with phones, because they have two mac addresses one is in voice vlan and another is in data vlan. Both phone and computer are authenticated successfully but when switch sees additional MAC address of phone in data vlan it shuts down port. Here is sample configuration:
  interface FastEthernet0/1
  switchport mode access
  switchport access vlan 10
  switchport voice vlan 15
  authentication host-mode multi-domain
  authentication port-control auto
  dot1x pae authenticator
  authentication violation shutdown
  mab
  spanning-tree portfast

  Can you verify if the phone's mac address is being learned on the data vlan and the voice vlan? Because cisco phones use cdp to discover if a voice vlan is configured on the switchport before forwarding traffic.
  Please issue a show mac address table interface x/y after bouncing the port to see what is causing the port to error disable.
  Also what version of code is running on the switch and phone?
  Thanks

• WLC+LAP+ACS4.0 achieving 802.1x PEAP and MAC address authentication ?

  How to configure WLC + LAP + ACS4.0, achieving username and password authentication and MAC address at the same time

  This might help with the PEAP:
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00807917aa.shtml
  MAC Authentication
  Add a MAC Address to ACS
  Complete these steps:
  1. From the ACS main menu, click on the User Setup button.
  2. In the User text box, enter the MAC address to add to the user database.
  Note: The MAC address must be exactly as it is sent by the AP for both the username and the password. If authentication fails, check the failed attempts log to see how the MAC is being reported by the AP. Do not cut and paste the MAC address, as this can introduce phantom characters.
  3. On the User Setup screen, enter the MAC address in the Secure-PAP password text box.
  Note: The MAC address must be exactly as it is sent by the AP for both the username and the password. If authentication fails, check the failed attempts log to see how the MAC is being reported by the AP. Do not cut and paste the MAC address, as this can introduce phantom characters.
  4. Check the Separate (CHAP/MS-CHAP) box.
  5. Enter a password for CHAP/MS-CHAP (this password should be different from the MAC address).
  6. Click Submit.

• Is there any way to locate an iPad with a MAC Address and a Serial Number?

  I happen to know the MAC Address for my recently stolen iPad.  Is there any way to use that to locate an IP address the next time it accesses the web?

  Not really. Other software would have to be installed on the device to locate it. That's what Find My iPhone is for (and it's free).
  File a report with your local police.

• Thinkcentr​e Edge M-Series with duplicate mac address

  We have a lot of Edge M-Series all with the same MAC address appears in Bios (F1), using Windows 8.1 perhaps need to modify media access control with custome address, it's there an Bios update available or any issue to fix this ?

  Have you updated to the latest BIOS?  
  If so, then:   In device manager/network adapters, check the intel ethernet device, under the advanced tab, the ability to set the locally admin address (MAC.)

• ISG session with duplicate mac addresses - ASR 1k

  Hello all,
  I have an issue with current ISG implementation on ASR 1k.
  We have subset of subscribers that are authenticated based on their mac address and another subset that are authenticated based on their c-vlan/s-vlan tag which is derived from nas-port-id. If two subscribers have identical mac addresses and one is authed based on mac and the other is based on c-vlan/s-vlan, the last one to auth kicks the previous authenticated session and takes it's place, which is totaly unacceptable. 
  For subscribers with mac based auth, session initiatior is unclassified mac address, as for c-vlan/s-vlan based auth it is dhcp request.
  Forgive the lack of details, if anything I am ready to supply any available and open info. Personaly I think this is just shortcoming of ASR 1k s ISG implementation, because I know for a fact that 9K BNG handles this situation very well and has a more precise definition of c-vlan/s-vlan than 1k.
  Any ideas on how to tackle this?

  Hi,
  Not sure if it would be possible since mac address is probably being used as a session key for both sessions (that's why the latest subscriber to come up, takes over the first one) even if you are using different identifiers (mac-address vs c-vlan/s-vlan).
  Are these L2 subscribers or routed subscribers?
  Could you provide a configuration of the ISG?
  Regards.

• ISE 1.2 disable endpoints with certain mac address

  Hi All,
  We have an AD to authenticate for wireless users. In AD, we have specified to block the user if the password is entered wrongly for more than 3 times. The problem is some of them are using other user ID and locking the accounts. I have gotten the MAC address of the user. Can anyone please advise how to block the request from this MAC from even reaching the AD.
  Thanks

  You have two options from ISE and one option from the WLC:
  The first option which is not very scalable is to modify your authentication policy to deny access to an specific MAC address(Radius:Calling station ID). But this is not very scalable as you can only specify one MAC address.
  Your second option is to enable the anomalous client suppression(under systems->settings->protocols->RADIUS). This will be your best option but it would require a bit of testing to identify what are the best values for your environment.
  From the controller you can enable the excessive 802.1x authentication failures. By default it won't even send the fourth authentication to ISE for a failing endpoint:

• Router receives a frame/packet with unknown MAC address

  Hi Everyone,
  Lets assume that a router received a frame/packet on an interface due to switch did not have the destination mac address listed on its mac address table and therefore broadcatsed this packet out of all ports, and router receives that packet that was not even intended to reach it. Would the router route that packet or drop? Just wondering if my assumption is true and router would drop a frame/packet that it receives on an interface if the destination MAC address of this frame/packet is not a MAC address of the routers's interface that it was received on.
  Thanks!

  Hey but I don't think router ever does a destination mac check! (that's surprising indeed), looks like router does not check the destination information, until it strips off ip packet from the frame! have a look at what a router does when it receives a frame (with any destination mac addr) here:-
  http://www.ciscopress.com/articles/article.asp?p=2244117&seqNum=2