Security

Hi All

 

I know there are hundreds of articles about Mac authentication already and I have read many of them, just cant get my setup to work. 

 

The RADIUS part works fine, I know because I have an SSID that works via RADIUS and that is 100%. I am trying to make a new SSID that uses both RADIUS and MAC auth. This is becuase I will also make a new VLAN in my network for which I will add a rule on our Ironport web security to allow access without authentication on the proxy for this new subnet. I plan to use this new SSID for our mobile devices since the dont support AD auth on proxies

 

I will control access by forcing users to register their devices with helpdesk who will then add their mac addresses to get access to the wifi.

 

We are using AMP 8.0.1 Airwaves. I am having a really hard time understanding all the steps to enable MAC auth, profiles, roles, groups then add this one to that one and add this role initial etc. etc.

 

Can someone please put it simply here?

 

 

You cannot combine 802.1X and MAC-auth fallback. 

 

You can only use MAC address as an authorization source for a dot1X authentication.

Hi Tim

 

Thanks for the reply.

 

So I cannot have users authenticate via Radius with their AD accounts and then also with MAC?

I wanted to put the MAC addresses on a local database on Airwaves.

 

What you are saying is that I can use the Radius server but I must specify the MAC addresses as a condition in a policy?

You would need a policy engine to make decisions based on Mac address after an 802.1X authentication the featurset in NPS is very limited.