EAP-TLS and MAC Authentication

John McDonnell mcdonnjd at pcam.org
Mon May 17 16:21:25 CEST 2010


> Hi,
> > I've been told that Cisco APs won't do WPA with MAC auth in recent
> > versions of IOS.
> 
> how would that have worked anyway - you need the key exchange and the
> right type of EAP for WPA and wireless
> 
> alan

The only way I can think of it working is by using Cisco's local MAC list
on the AP itself. I tried testing briefly with EAP and MAC set to FR only. In
about a minute or so, I received about 2K EAP requests all returning
Access-Reject. If I get a few spare moments to test, I'll try adding my
MAC to the local list and tell the AP to use the local list for MAC and FR
for EAP. I have a feeling this might work, but I am certainly not going
back to maintaining MAC lists on all of our APs (both because I'd have to
modify the APs again to have enough storage space to hold the MAC list and
because it's a pain to keep that many lists in sync) and I think using a
check in FR is a much cleaner solution in many ways.

-- 
John McDonnell
Penn Cambria School District
mcdonnjd at pcam.org
O< ASCII Ribbon Campaign - Stop HTML e-mail! - www.asciiribbon.org