Wireless (General)

Expand all | Collapse all

IDE 9.4 is interpreting Mac Auth from a Cisco Wireless Lan Controller as a Radius intead of Mac Auth request

  • 1.  IDE 9.4 is interpreting Mac Auth from a Cisco Wireless Lan Controller as a Radius intead of Mac Auth request

    Posted 06-15-2018 16:56
    IDE 9.4 is interpreting Mac Auth from a Cisco Wireless Lan Controller as a Radius intead of Mac Auth request. This is preventing me from using IDE to authenticate using Mac Auth.


  • 2.  RE: IDE 9.4 is interpreting Mac Auth from a Cisco Wireless Lan Controller as a Radius intead of Mac Auth request

    Posted 06-15-2018 17:12
    Hello Brian,

    Pls check the the device template in the config of this Authenticator (the WLAN Controller) to see if the ‘mac-address source type’ is set to ‘user-name’ instead of ‘calling-station’id’.

    Shmulik


  • 3.  RE: IDE 9.4 is interpreting Mac Auth from a Cisco Wireless Lan Controller as a Radius intead of Mac Auth request

    Posted 06-18-2018 10:02
    Here is the details....




  • 4.  RE: IDE 9.4 is interpreting Mac Auth from a Cisco Wireless Lan Controller as a Radius intead of Mac Auth request

    Posted 06-18-2018 10:06
    And here is the database entry for this MAC address:




  • 5.  RE: IDE 9.4 is interpreting Mac Auth from a Cisco Wireless Lan Controller as a Radius intead of Mac Auth request

    Posted 06-18-2018 13:52
    Brian,

    Do you have MAC Auth enabled in the Authenticator configuration for that Cisco AP? and also have the appropriate MAC Auth Access Policy associated with that AP?

    Shmulik


  • 6.  RE: IDE 9.4 is interpreting Mac Auth from a Cisco Wireless Lan Controller as a Radius intead of Mac Auth request

    Posted 06-18-2018 16:38
    Ok. Setting ‘mac-address source type’ to ‘user-name’ fixed the issue. One last related question. Will changing this option in IDE have any impact on 802.1x authentications or is this setting only used for MacAuth?


  • 7.  RE: IDE 9.4 is interpreting Mac Auth from a Cisco Wireless Lan Controller as a Radius intead of Mac Auth request

    Posted 06-18-2018 16:53
    No should not impact. Because you likely have various auth protocols enabled (incl. TLS and others) on the Authentication Policy, and the switch/AP will first attempt to auth via more secure protocols and IDE will respond accordingly.

    Shmulik