Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
878
Views
0
Helpful
5
Replies

Mac Filtering + WLC 5508 + layer 3 or 2 authentication

salilai01
Level 1
Level 1

‎07-17-2013 08:15 AM - edited ‎07-04-2021 12:27 AM

I want use mac filtering on wlc with a layer 3 or 2 authentication or other, I need a second authentication, is it possible?

Just to precise that I work with FreeRadius and I want that :

              - The first authentication : if the mac address of the device belong to mac filtering table (the table for this moment it's on the wlc)

              - The seconde authentication :  layer 2 or 3 authentication or if the user belong to Active diretory WITHOUT TAPING ANY PASSWORD (transparent for the user)

Labels:
0 Helpful
5 Replies 5

Chris Illsley
Level 3
Level 3

‎07-17-2013 09:11 AM

If you have MAC Filters applied on the WLC these run independently of any authentication you have for the SSID.

For your second authentication itøs Layer 2 authentication you need, and it will be up to your RADIUS to authenticate the users based on credentials/machine.

Thanks

Chris

0 Helpful

Stephen Rodriguez
Cisco Employee
Cisco Employee

‎07-17-2013 09:25 AM

So I'm a little confused by what you are asking for.

Are you wanting to do both mac filtering (sent to your AAA Server) and an EAP Type?

if so, yes this is possible, in the WLAN config there is an option for mac filtering, and you can still do Layer 2/3 security.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

Scott Fella
Hall of Fame
Hall of Fame

‎07-17-2013 01:31 PM

Why do something that isn't a good idea? Mac authentication is just overhead and management nightmare. No matter what you do, you have to push out a profile to the devices or else you will have to manually add the wireless profile. Do you have active directory? Do you have a PKI infrastructure?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

salilai01
Level 1
Level 1
In response to Scott Fella

‎07-18-2013 12:38 AM

Yes, I have AD and PKI infrastucture, how can I push out a profile to the devices or else you will have to manually add the wireless profile ?

0 Helpful

Abhishek Abhishek
Cisco Employee
Cisco Employee

‎07-17-2013 05:52 PM

Hello Sali,

As per your query i can suggest you the following solution-

The first authentication should be radius authentication.

And for the second authentication you can use local web authentication.

Hope this will help you.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card