Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Mac Filtering + WLC 5508 + layer 3 or 2 authentication

I want use mac filtering on wlc with a layer 3 or 2 authentication or other, I need a second authentication, is it possible?

Just to precise that I work with FreeRadius and I want that :

              - The first authentication : if the mac address of the device belong to mac filtering table (the table for this moment it's on the wlc)

              - The seconde authentication :  layer 2 or 3 authentication or if the user belong to Active diretory WITHOUT TAPING ANY PASSWORD (transparent for the user)

5 REPLIES

Mac Filtering + WLC 5508 + layer 3 or 2 authentication

If you have MAC Filters applied on the WLC these run independently of any authentication you have for the SSID.

For your second authentication itøs Layer 2 authentication you need, and it will be up to your RADIUS to authenticate the users based on credentials/machine.

Thanks

Chris

Mac Filtering + WLC 5508 + layer 3 or 2 authentication

So I'm a little confused by what you are asking for.

Are you wanting to do both mac filtering (sent to your AAA Server) and an EAP Type?

if so, yes this is possible, in the WLAN config there is an option for mac filtering, and you can still do Layer 2/3 security.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
Hall of Fame Super Silver

Re: Mac Filtering + WLC 5508 + layer 3 or 2 authentication

Why do something that isn't a good idea? Mac authentication is just overhead and management nightmare. No matter what you do, you have to push out a profile to the devices or else you will have to manually add the wireless profile. Do you have active directory? Do you have a PKI infrastructure?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: Mac Filtering + WLC 5508 + layer 3 or 2 authentication

Yes, I have AD and PKI infrastucture, how can I push out a profile to the devices or else you will have to manually add the wireless profile ?

Re: Mac Filtering + WLC 5508 + layer 3 or 2 authentication

Hello Sali,

As per your query i can suggest you the following solution-

The first authentication should be radius authentication.

And for the second authentication you can use local web authentication.

Hope this will help you.

367
Views
0
Helpful
5
Replies