locked
Radius Authentication using MACs without user accounts RRS feed

  • Question

  • Hello all I am trying to configure our new Radius servers using MAC authentication for the time being so we are not required to reconfigure every phone and switch on site which includes about 3000+ phones and 200+ switches.

    I am trying to configure the MAC addresses using wildcards.  We have been able to get the connection request to process but I am never able to get the Network Policy to even hit.  Most of the columns in the SQL log show NULL including the calling station id and the it is eventually rejected because no policies match.  Everything shows fine when processing the connection but does not seem to transfer over to the network policy.  Does anyone know of a guide or have any tips on getting this properly configured?

    Thursday, July 28, 2016 11:24 PM

All replies

  • Hi Adam,

    Have you Enabled MAC address authorization on access servers?

    You could reference the link below to deploy RADIUS server for authenticate MACs:

    MAC Address Authorization

    https://technet.microsoft.com/en-us/library/dd197535%28WS.10%29.aspx?f=255&MSPPError=-2147217396

    Best Regards

    John

    • Proposed as answer by John Lii Wednesday, September 14, 2016 6:46 AM
    Friday, July 29, 2016 8:00 AM
  • Thanks John

    I will check that registry key when I get in.  The switches should be properly configured.  I am able to authenticate PCs through domain accounts and previously we used the account method to authenticate the phones using MACs.  With the new 2012 servers I do not believe we modified any registry keys.  Would performing this change cause the PCs to no longer authenticate as they are?

    Friday, July 29, 2016 12:57 PM
  • Looking at this again step 3 still requires the creation of user accounts.  Will NPS not authenticate just off MAC addresses added to the policy in NPS?
    Friday, July 29, 2016 1:45 PM
  • Hi,

    Just want to confirm the current situations.

    Please feel free to let us know if you need further assistance.

    Best Regards

    John


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 6, 2016 9:07 AM