Re: IAS and MAC authentication

From: Ashwin Palekar\(MS\) (ashwinp_at_online.microsoft.com)
Date: 02/28/04

  • Next message: MacManMike: "Re: IAS and MAC authentication" 
    Date: Fri, 27 Feb 2004 20:14:28 -0800

    not possible without writing a IAS extension (See IAS SDK in MSDN). 

    -- 
-- 
===========================================================
This posting is provided "AS IS" with no warranties and confers no rights
===========================================================
"MacManMike" <martinm@montevallo.edu> wrote in message
news:af9ef1fd.0402271352.9009d1f@posting.google.com...
> We have been experimenting and testing RADIUS authentication with
> Cisco Access Points against the Microsoft Internet Authentication
> Server (IAS) RADIUS software with pleasing results.  In our
> environment, 802.1x is not viable.  We can not touch all of our
> end-user machines (students specifically) and we have other wireless
> devices (printers for example) making 802.1x not possible.  Instead,
> we have been performing MAC authentication and it works well to a
> point.
>
> Specifically, these are the two cases:
>
> Case 1 - Client is in RADIUS database (WORKS GREAT!)
> --Client attempts to authenticate with the AP
> --MAC address is sent to RADIUS server from AP
> --MAC address is recognized by RADIUS server and appropriate VLAN
> information is sent to AP
> --AP places client in appropriate VLAN
>
>
> Case 2 - Client is not in RADIUS database (NOT
> WORKING..SUGGESTIONS???)
> --Client attempts to authenticate with the AP
> --MAC address is sent to RADIUS server from AP
> --MAC address is not recognized by RADIUS server (no account yet in
> database) and reject message is sent to AP
> --AP drops the connection attempt
>
> What we want, instead, is for the AP to place the not known user
> (reject) into a "Guest" VLAN so that the computer can be restricted,
> registered, and later logged on (if appropriate).
>
> Any suggestions?
>
> Thanks,
>
> D. Michael Martin, Jr.
> Network Administrator
> University of Montevallo
  • Next message: MacManMike: "Re: IAS and MAC authentication"

    Relevant Pages

    • Unable to get IP Address from DHCP server - 802.1x authentication
      ... user based VLAN authentication with Windows client as ... Authentication method: MD5-Challenge ... Login locally with the cached profile of user1 ... After entering the Radius server username & password the ...
      (microsoft.public.win2000.security)
    • Re: Etablishing a enterprise solution for guest and employee access
      ... > you can very simply set up two different remote access policies in IAS, ... > to handle guest authentication and one to handle employees. ... > configure IAS to assign the connection to a VLAN in the remote access ...
      (microsoft.public.internet.radius)
    • Re: IAS and remote DHCP server
      ... you can configure Cisco acces point to use IAS ... as the RADIUS server and use PEAP authentication for the clients. ...
      (microsoft.public.internet.radius)
    • Re: AP authenticating to via IAS configured as a RADIUS server
      ... No you don't need RRAS in this case and just running IAS is sufficient to ... > 2003 IAS configured as a RADIUS server. ... > presented with the authentication box to key in the credentials. ...
      (microsoft.public.win2000.ras_routing)
    • Re: Radius?
      ... "RRAS uses IAS for authentication". ... > Remote Authentication Dial-in User Service (RADIUS) server and proxy. ... >> I've been asked to setup a Radius server to authenticate all machines ...
      (microsoft.public.internet.radius)
    Loading