Thursday
Jan202011
802.1x: Machine Access Restriction 'Vulnerability'
Thursday, January 20, 2011 at 21:45
Today we ran into a feature of the Machine Authentication Restrictions (MAR) option in the Cisco Secure ACS Radius server. It seems that when you're using the ACS for 802.1x authentication, you have the option of demanding that the authenticating users can only be authenticated when the computer is already authenticated. This way, you make sure that no user can access the network without a legitimate PC.