01-31-2014 09:52 AM
Hey all, I have a MAC authentication question.
I have set up an SSID and created the appropriate firewall policies (which work); however, I also want to add a layer of security with MAC authentication.
I have MAC Auth enforced and the initial role set to "Denyall". Basically, if the MAC addy is not in the Internal DB then they should have the initial role set to them and they cannot do anything. Problem is, I'm testing on a computer first that is not in the database and it is still allowing me to access whatever I would usually access (if I was authenticated).
Any help would be greatly appreciated!
01-31-2014 10:53 AM
Can you please share your config?
show rights <initial role>
show aaa profile <mac auth profile>
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
01-31-2014 10:57 AM
01-31-2014 11:18 AM
Yes, both MAC Authentication Profile and MAC Authentication Server Group are configured.
AAA Profile Config
Initial Role: denyall
MAC Authentication Default Role: Development-Access
Enforce Machine Authentication: Yes
01-31-2014 11:19 AM - edited 01-31-2014 11:22 AM
I have run into situations where a device had a previous successful authentication and the controller "remembered" the device. I had to manually kick the client from the network. After that it worked normally.
Like Cappalli mentioned, you will need to configure these parameters so the controller will know how to process the request and where to look for the entry.
The Server group configuration:
The MAC profile configuration:
After creating these you can apply them to your AAA profile:
01-31-2014 11:30 AM