Authenticate per MAC-Address? Best-practice? RRS feed

  • Question

  • Securing Complexity with Cisco NAC Appliance (Clean Access): A Technical View

    Hi everybody,


    im testing NAP for my company. So far everything is working very well.

    I followed the step by step guide for 802.1x enforcement and NAP with Windows Clients is working very well.


    But we have a lot of devices that are not 802.1x capable, like IP-Phones, Printers ...

    What does Microsoft advice to handle these devices?


    Allowing access to no compatible devices is no option for us.

    We tried to authenticate the devices per mac-address, but entering 400+ mac-addresses into one field (Calling-Station-Id) and keep this up-to-date is also no option. Using a regular expression would open access for 5-6 vendors and their devices.


    Thanks & Regards

    A. Girrbach

    Monday, June 16, 2008 10:02 AM