Controllerless Networks


Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

IAP-205 Issues getting MAC and 802.1x to work at the same time

  • 1.  IAP-205 Issues getting MAC and 802.1x to work at the same time

    Posted Dec 17, 2014 11:50 AM

    My customer is looking to have both MAC authentication and 802.1x authentication work on their internal SSID. Currently using Windows Server 2003 IAS for RADIUS authentication. Test users have been created with the MAC of the domain-joined laptop we are testing with.

     

    If the SSID is enabled for JUST 802.1x, it connects successfully

     

    If the SSID is enabled for JUST MAC authentication, it connects successfully.

     

    When I tick the check box for "Perform MAC authentication before 802.1x", I never see a request to the RADIUS server for the MAC authentication or the 802.1x, and the connection fails.

     

    If I tick the checkbox for "MAC authentication fail-thru" then the connection goes through and I can see the 802.1x connection to the RADIUS server and it connects.

     

    Thoughts on where the disconnect could be with why the MAC authentication is not happening first?



  • 2.  RE: IAP-205 Issues getting MAC and 802.1x to work at the same time

    EMPLOYEE
    Posted Dec 17, 2014 11:51 AM

    MAC authentication is not designed to work with 802.1X.

     

    You can use the MAC address as an authorization point after an 802.1X authentication, but this would require a policy engine like ClearPass.



  • 3.  RE: IAP-205 Issues getting MAC and 802.1x to work at the same time

    Posted Dec 17, 2014 12:27 PM

    Ok, needs ClearPass for both to work. Thanks for your quick response.



  • 4.  RE: IAP-205 Issues getting MAC and 802.1x to work at the same time

    Posted Dec 18, 2014 12:28 AM
    Actually this should work even with a third-party RADIUS server. Can you share the output of 'show tech-support' from your test bed? Can you consider opening a TAC ticket to debug?

    Thanks,

    Yan Liu