Security

Reply
Frequent Contributor II
Posts: 118
Registered: ‎02-10-2011

Centralized database for mac address - 802.1x machine authentication

What solutions do people have deployed to address 802.1x authentication in relation to mac addresses of machines? One solution is to use the internal db of the controller - which works fine if all your AP's use that controller or set of controllers. Not scalable when you have several sets of controllers as you would have to enter the mac address on each set of controllers.

 

At a high level I understand you can point the controllers to a central external system for that mac address checking. What I'm interested in is the specifics of what external system you would use and how you would set it up.  One example might be a Microsoft NPS server - but how do you get the mac address as a username and password into the NPS system, etc.

 

Thanks

 

 

Guru Elite
Posts: 21,279
Registered: ‎03-29-2007

Re: Centralized database for mac address - 802.1x machine authentication

Istong,

 

Do you already have a repository that already has usernames and mac addresses of all your devices in it, or you would like to somehow collect them on the fly and enter them into active directory?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 118
Registered: ‎02-10-2011

Re: Centralized database for mac address - 802.1x machine authentication

Right now we just use the internal database on each pair of controllers.  So no we don't have the mac addresses in a central database or other store that all controllers can point to.  That's our goal and wondering what options we have that would support our needs. As I understand it we would need the central authentication device to hold the mac address as a username and password as well as a field for the role (authenticated) and an email address field we like to populate to tie the mac to a friendly name.

Search Airheads
Showing results for 
Search instead for 
Did you mean: