Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Centralized database for mac address - 802.1x machine authentication

  • 1.  Centralized database for mac address - 802.1x machine authentication

    Posted May 17, 2012 02:14 PM

    What solutions do people have deployed to address 802.1x authentication in relation to mac addresses of machines? One solution is to use the internal db of the controller - which works fine if all your APs use that controller or set of controllers. Not scalable when you have several sets of controllers as you would have to enter the mac address on each set of controllers.

    At a high level I understand you can point the controllers to a central external system for that mac address checking. What I'm interested in is the specifics of what external system you would use and how you would set it up. One example might be a Microsoft NPS server - but how do you get the mac address as a username and password into the NPS system, etc.

    Thanks

  • 2.  RE: Centralized database for mac address - 802.1x machine authentication

    EMPLOYEE
    Posted May 17, 2012 06:52 PM

    Istong,

    Do you already have a repository that has usernames and mac addresses of all your devices in it, or would you like to somehow collect them on the fly and enter them into Active Directory?

  • 3.  RE: Centralized database for mac address - 802.1x machine authentication

    Posted Jun 05, 2012 08:34 AM

    Right now we just use the internal database on each pair of controllers. So no, we don't have the mac addresses in a central database or other store that all controllers can point to. That's our goal, and we are wondering what options we have that would support our needs. As I understand it, we would need the central authentication device to hold the mac address as a username and password, as well as a field for the role (authenticated) and an email address field we like to populate to tie the mac to a friendly name.