cancel
Showing results for 
Search instead for 
Did you mean: 

MAC-based access control for WiFi VoIP

SOLVED
Highlighted
Conversationalist

MAC-based access control for WiFi VoIP

Need some assistance on this. I am trying to configure a VoIP SSID using MAC-based access control so that the WiFi phones do not need to authenticate to the network. However, I'm having issues with setting up the users in AD. The phones are Incominc ICW-1000 and require the username/password in AD to be the same. However AD won't let me due to password requirements, even through I disabled the complexity and history in the GPO. Any other way of configuring the SSID to auto-connect these phones with out getting too complex? 

 

Thank you!

Brad W

Tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Conversationalist

Re: MAC-based access control for WiFi VoIP

Thank you. I actually found that with Windows Server 2012, there is an Active Directory Administrative Center - which allows you to create separate policies based upon groups. If you add the WiFi Phone Users to that group, the policy overrides the Default Domain policy. Phones were added and connected to the network with no issues. Thanks all!

5 REPLIES 5
ww
Head in the Cloud
Kind of a big deal

Re: MAC-based access control for WiFi VoIP

What would be really cool if there was an option to use WPA2-PSK mode with RADIUS MAC authentication.

 

So when a device attaches you take their MAC address for their RADIUS username and the PSK they present for their password.

 

Then you get encryption, and you can authenticate every device individually.

Conversationalist

Re: MAC-based access control for WiFi VoIP

Thanks - but I think the big issue is my AD Password requirements - even though I've disabled the policy for complex passwords. The phones require a user account that the username and password are both the mac address - which AD doesn't like. 

ww
Head in the Cloud

Re: MAC-based access control for WiFi VoIP

Conversationalist

Re: MAC-based access control for WiFi VoIP

Thank you. I actually found that with Windows Server 2012, there is an Active Directory Administrative Center - which allows you to create separate policies based upon groups. If you add the WiFi Phone Users to that group, the policy overrides the Default Domain policy. Phones were added and connected to the network with no issues. Thanks all!

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.