IDE 9.4 is interpreting Mac Auth from a Cisco Wireless Lan Controller as a Radius intead of Mac Auth request


Userlevel 1
IDE 9.4 is interpreting Mac Auth from a Cisco Wireless Lan Controller as a Radius intead of Mac Auth request. This is preventing me from using IDE to authenticate using Mac Auth.

7 replies

Userlevel 2
Hello Brian,

Pls check the the device template in the config of this Authenticator (the WLAN Controller) to see if the ‘mac-address source type’ is set to ‘user-name’ instead of ‘calling-station’id’.

Shmulik
Userlevel 1
Here is what the MacAuth from the Cisco Wireless Lan Controller looks like

Userlevel 1
Here is the macauth details...

Userlevel 1
Here is the details....

Userlevel 1
And here is the database entry for this MAC address:

Userlevel 2
Brian,

Do you have MAC Auth enabled in the Authenticator configuration for that Cisco AP? and also have the appropriate MAC Auth Access Policy associated with that AP?

Shmulik
Userlevel 1
Ok. Setting ‘mac-address source type’ to ‘user-name’ fixed the issue. One last related question. Will changing this option in IDE have any impact on 802.1x authentications or is this setting only used for MacAuth?
Userlevel 2
No should not impact. Because you likely have various auth protocols enabled (incl. TLS and others) on the Authentication Policy, and the switch/AP will first attempt to auth via more secure protocols and IDE will respond accordingly.

Shmulik

Reply