Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > using PEAP and want to add MAC matching to force VLAN

Reply
Thread Tools

using PEAP and want to add MAC matching to force VLAN

 
 
BerkHolz, Steven
Guest
Posts: n/a
 
      02-28-2005
I am currently using 1200 series APs and PEAP against MS IAS server to
authenticate "company" users for wireless.
This is working great. The machines auth with PEAP machine accounts and when
the user logs in, it switches to their user account for auth.

Now I need to add a Tandberg 880 videoconferencer to a different VLAN
outside the firewall to avoid H.323 problems.
It will have a fixed IP, so I do not need DHCP, etc.
It only supports WEP, so I need to use its MAC address for security.

I also want to be able to give guests access to a third VLAN that will give
them Internet via a linksys router with DHCP outside the firewall.
I figure using MAC addresses here is easiest as well, so I do not have to
alter their configs for PEAP and worry about certificates, etc.
I also do not want the employees on this network.

Issue:

I can not figure out how to keep my PEAP config on the 1200 AP and also do
MAC address matching with non-PEAP machines.
Can I still use MS-IAS for this? I know I can set the VLAN with MS-IAS.

Please offer any hints.



--
Steven BerkHolz
Send to Domain TESCOGroup dot com, username SB

Note: you may also want to know that you should never send mail to:
http://www.velocityreviews.com/forums/(E-Mail Removed)
(E-Mail Removed)
(E-Mail Removed)
(E-Mail Removed)
http://www.velocityreviews.com/forums/(E-Mail Removed)-abuse.org
(E-Mail Removed)
(E-Mail Removed)


 
Reply With Quote
 
 
 
 
Uli Link
Guest
Posts: n/a
 
      02-28-2005
BerkHolz, Steven schrieb:


> I can not figure out how to keep my PEAP config on the 1200 AP and also do
> MAC address matching with non-PEAP machines.
> Can I still use MS-IAS for this? I know I can set the VLAN with MS-IAS.


Are your 1200 AP run VxWorks 12.05?

With IOS you can set
Authentification requiremets as MAC + EAP or EAP per SSID

And with IOS 12.2(15)JA or later:
If you configure one or better two APs as WDS master and backup they can
use their local MAC list for all APs using this WDS. Works great for up
to 30 or 40 cards, else your config.txt will grow too much.

The internal RADIUS of the AP can force a list of allowed SSIDs per
group, but only LEAP or EAP-FAST or MAC. Not PEAP.

I haven't found how to configure W2K IAS for RADIUS MAC authentication,
I don't know a good reason why this should *not* be possible.

--
Uli

These opinions are mine. All found typos are yours.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Nike air force one, air force 1, air force one low cut, air force one abdul_razak@indiatimes.com Digital Photography 2 12-31-2008 04:29 PM
Nike Air Force Ones,Air Force One Air Force One-1,25th anniversary lky52112@gmail.com Digital Photography 0 01-15-2008 04:46 PM
Nike Air Force Ones,Air Force One Air Force One-1,25th anniversary lky52112@gmail.com Digital Photography 0 01-15-2008 04:34 PM
How to uninstall Cisco PEAP supplicant to use XP default PEAP =?Utf-8?B?RGVsb24=?= Wireless Networking 0 05-25-2007 05:50 AM
PEAP Configuration Woes - PEAP configuration help jester Cisco 1 12-20-2005 02:04 PM



Advertisments