NAC Appliance and NPS for MAC Authentication

  • 0
  • 1
  • Question
  • Updated 9 months ago
  • Answered

Let me preface this by saying I am brand new to NAC.  I am setting up a windows 2012 NPS server as a RADIUS Proxy in NAC to authenticate clients via MAC Address.  My question is how the NAC appliance knows which OU to look in for the MAC Address.  I have dug around and cannot find anything pertaining to this.  When using NPS as a RADIUS proxy for IdentiFI Wireless it was a matter of creating Access Polices.  Is it the same for NAC?  Any help is appreciated.
Photo of dcsdne

dcsdne

  • 178 Points 100 badge 2x thumb

Posted 9 months ago

  • 0
  • 1
Photo of Yacobucci, Ryan

Yacobucci, Ryan, Multi-Tier Technical Support Engineer

  • 5,734 Points 5k badge 2x thumb
Hello,

Typically we don't proxy MAC authentication to the back end NPS RADIUS server. In a typical deployment MAC authentication is handled locally, and the NAC is designed to auto accept any MAC authentication request regardless of password, username, or even RADIUS shared secret. MAC Authentication is used to identify the end system, more than as an authentication mechanism. 

We do have a few customers that use NAC to proxy the MAC authentication back to NPS, but there isn't much known regarding what their configuration is. I suspect they have users with either usernames of the MAC address, or an alias that serves as the username of the MAC address.

Thanks
-Ryan
Photo of dcsdne

dcsdne

  • 178 Points 100 badge 2x thumb
Photo of Yacobucci, Ryan

Yacobucci, Ryan, Multi-Tier Technical Support Engineer

  • 5,734 Points 5k badge 2x thumb
Hello,

Are you looking for configuration of MAC authentication or 802.1x authentication?

All you have to do for MAC authentication is put the switch in the "Switches" tab, enforce the NAC, and verify RADIUS is configured on the switch. :edit: Also you'll need to make sure MAC authentication is enabled on the desired ports as well. :edit:

For 802.1x check out the following: 

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-NTLM-authentication-on-EA...

Thanks
-Ryan
(Edited)