This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

NAC Appliance and NPS for MAC Authentication

NAC Appliance and NPS for MAC Authentication

dcsdne
New Contributor III

‎02-28-2018 02:41 PM



Let me preface this by saying I am brand new to NAC. I am setting up a windows 2012 NPS server as a RADIUS Proxy in NAC to authenticate clients via MAC Address. My question is how the NAC appliance knows which OU to look in for the MAC Address. I have dug around and cannot find anything pertaining to this. When using NPS as a RADIUS proxy for IdentiFI Wireless it was a matter of creating Access Polices. Is it the same for NAC? Any help is appreciated.
0 Kudos
3 REPLIES 3

Ryan_Yacobucci
Extreme Employee

‎02-28-2018 07:33 PM

Hello,

Are you looking for configuration of MAC authentication or 802.1x authentication?

All you have to do for MAC authentication is put the switch in the "Switches" tab, enforce the NAC, and verify RADIUS is configured on the switch. :edit: Also you'll need to make sure MAC authentication is enabled on the desired ports as well. :edit:

For 802.1x check out the following:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-NTLM-authentication-on-EA...

Thanks
-Ryan
0 Kudos

dcsdne
New Contributor III

‎02-28-2018 06:24 PM

I found this article

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-authorise-Windows-domain-user-compu...

However I'm stuck at using the NAC Appliance itself as a RADIUS server. I was able to setup my NPS as RADIUS servers using shared keys...

0 Kudos

Ryan_Yacobucci
Extreme Employee

‎02-28-2018 04:48 PM

Hello,

Typically we don't proxy MAC authentication to the back end NPS RADIUS server. In a typical deployment MAC authentication is handled locally, and the NAC is designed to auto accept any MAC authentication request regardless of password, username, or even RADIUS shared secret. MAC Authentication is used to identify the end system, more than as an authentication mechanism.

We do have a few customers that use NAC to proxy the MAC authentication back to NPS, but there isn't much known regarding what their configuration is. I suspect they have users with either usernames of the MAC address, or an alias that serves as the username of the MAC address.

Thanks
-Ryan

0 Kudos
GTM-P2G8KFN