MAC-based access control for WiFi VoIP

Solved
BWalters1128
Conversationalist

MAC-based access control for WiFi VoIP

Need some assistance on this. I am trying to configure a VoIP SSID using MAC-based access control so that the WiFi phones do not need to authenticate to the network. However, I'm having issues with setting up the users in AD. The phones are Incominc ICW-1000 and require the username/password in AD to be the same. However AD won't let me due to password requirements, even through I disabled the complexity and history in the GPO. Any other way of configuring the SSID to auto-connect these phones with out getting too complex? 

 

Thank you!

Brad W

1 Accepted Solution
BWalters1128
Conversationalist

Thank you. I actually found that with Windows Server 2012, there is an Active Directory Administrative Center - which allows you to create separate policies based upon groups. If you add the WiFi Phone Users to that group, the policy overrides the Default Domain policy. Phones were added and connected to the network with no issues. Thanks all!

View solution in original post

6 Replies 6
ww
Kind of a big deal
Kind of a big deal
PhilipDAth
Kind of a big deal
Kind of a big deal

What would be really cool if there was an option to use WPA2-PSK mode with RADIUS MAC authentication.

 

So when a device attaches you take their MAC address for their RADIUS username and the PSK they present for their password.

 

Then you get encryption, and you can authenticate every device individually.

CARutledge
New here

Agreed, Kind of a big deal!

BWalters1128
Conversationalist

Thanks - but I think the big issue is my AD Password requirements - even though I've disabled the policy for complex passwords. The phones require a user account that the username and password are both the mac address - which AD doesn't like. 

ww
Kind of a big deal
Kind of a big deal
BWalters1128
Conversationalist

Thank you. I actually found that with Windows Server 2012, there is an Active Directory Administrative Center - which allows you to create separate policies based upon groups. If you add the WiFi Phone Users to that group, the policy overrides the Default Domain policy. Phones were added and connected to the network with no issues. Thanks all!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels