Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
822
Views
0
Helpful
9
Replies

Automatic MAC account creatation from Cisco WLC

elodie.lu
Level 1
Level 1

‎07-30-2013 07:21 AM - edited ‎07-04-2021 12:33 AM

We are creating a BYOD network, have any of you tried this?


1) First time user attempts to connect to byod_ssid they are presented with captive portal page that requests AD credentials.  In the back ground users MAC address needs to be captured.

2) All subsequent connections to byod_ssid are MAC authenticated.

I am not finding any documentation on this process from the Cisco side.  What do you think?  Is it possible?

Thanks!

Labels:
0 Helpful
9 Replies 9

Shaoqin Li
Level 3
Level 3

‎07-30-2013 08:54 AM

you may do this via DRW on ISE

configure ssid with mac filtering, then on ise confignauthz rule with redirect to drw... register your device... CoA sent by ise... connect again and should work

sth similar to below , instead you are using mab

http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_guest_pol.html#wp1220041

Sent from Cisco Technical Support iPad App

0 Helpful

elodie.lu
Level 1
Level 1
In response to Shaoqin Li

‎07-30-2013 09:01 AM

Sorry, but I forgot to precise that we don't have an ISE

0 Helpful

Abhishek Abhishek
Cisco Employee
Cisco Employee

‎07-30-2013 02:17 PM

Hello,

As per your query i can suggest you the following link to refer-

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bba10d.shtml

Hope this will help you.

0 Helpful

elodie.lu
Level 1
Level 1
In response to Abhishek Abhishek

‎07-31-2013 12:30 AM

Is there any way to do it without ISE because we don't have this appliance?

0 Helpful

elodie.lu
Level 1
Level 1
In response to elodie.lu

‎08-01-2013 12:26 AM

is it possible to do this with  configuring a Fallback Policy with MAC Filtering and Web Authentication? but with enough security (layer 2 or 3) to avoid mac address spoofing

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to elodie.lu

‎08-01-2013 04:13 AM

No... any MAC address has to be manually entered in the WLC. There is no "capture these MAC address and store it" feature on the WLC's.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

elodie.lu
Level 1
Level 1
In response to Scott Fella

‎08-02-2013 12:48 AM

What about configuring a Fallback Policy with MAC Filtering and Web Authentication?

I want just use this option.

Normally, there is a local database and with enabling the mac filtering and on MAC Filter Failure I have to find the mac address of the authenticate device on the wlc local database.

Authentication is done via AD credentials on a web portal.

0 Helpful

elodie.lu
Level 1
Level 1
In response to elodie.lu

‎08-05-2013 03:24 AM

No suggestion?

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame

‎08-05-2013 03:55 AM

What exactly are you wanting to do? If you enter the MAC address manually, then that would work. If you expect the WLC to auto generate and store MAC address, it can't.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card