Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Mac Authentication using 2650 switch and Microsoft IAS

SOLVED
Go to solution
Nikil Deo
Occasional Advisor

Mac Authentication using 2650 switch and Microsoft IAS

Hi,

I am trying to setup a 2650 switch to use mac-authentication to a radius server before allowing communication.

I have setup the switch and in the IAS logs I can see the authentication requests coming through.
They are all being rejected by IAS though.

I think my error is in setting up the authentication configuration in IAS.

Can someone give me any guides on how I can set it up? Has anyone done it before?

Thanks
7 REPLIES
Matt Hobbs
Honored Contributor
Solution

Re: Mac Authentication using 2650 switch and Microsoft IAS

Nikil Deo
Occasional Advisor

Re: Mac Authentication using 2650 switch and Microsoft IAS

Thanks heaps!

It's working now!
Nikil Deo
Occasional Advisor

Re: Mac Authentication using 2650 switch and Microsoft IAS

I've run into a different issue now.

My understanding is that the switch sends the following information to the radius server

username: mac address
password: mac address

The issue is that I'm authenticating this against Active Direcotyr by using IAS. In our domain we have the password complexitiy group policy set. Hence we are unable to setup users in AD with the username and password being the same.

Is there a way we can configure the switch to send a different password to the radius for authentication?

Or alteratively if there is another way around this solution. We didn't want to go down the certificate path as yet as we are pushed for time.
David_UNL
Occasional Advisor

Re: Mac Authentication using 2650 switch and Microsoft IAS

Nikil

Did you have any luck with working thru this?

We have the same issue, we are using 802.1x for devices that support it, then falling back to mac address authentication for other devices (that have tighter controls via ACL's)

Cheers
David
Daniel Ramirez
Occasional Visitor

Re: Mac Authentication using 2650 switch and Microsoft IAS

Hi, I had to disable the "Password must meet complexity requirements" policy in "Domain Security Policy" and "Domain Controller Security Policy" to achieve MAC authentication.
David_UNL
Occasional Advisor

Re: Mac Authentication using 2650 switch and Microsoft IAS

Yeh, tested it like that, but is not an option - need to have the password complexity enabled for standard users.

Other devices allow you to use the radius secret as the device password when authenticating to the radius server, ideally this would be great!

Cheers
David
Nikil Deo
Occasional Advisor

Re: Mac Authentication using 2650 switch and Microsoft IAS

Hi David,

I did manage to get it working. I used a software package from specops software which allows multiple password policies for a single domain. This allowed me to leave the password complexity requirements policy for user accounts and then i created another policy for mac address accounts.

I recall reading a document somewhere which also said the switch can authenticate on behalf of the end device using the radius key but I never tried it.