When you have enabled the MAC filtering and a user tries to access the WLAN that is configured for MAC filtering, the client MAC address is validated against the local database on the WLC, and when the database on the WLC is empty, I believe the client will not be granted access to the network.
For more details about MAC Filtering in WLC, please follow the following link:
Just a comment/question (I am sorry if I am breaking in the conversation).
I am using 2 WLANs, one with Security WPA+WPA2 and one with MAC Filtering, while in both WLANs the users join in with accounts that I have created (manually for now...) on ISE.
I have just observed that on the WLC, under the clients menu, the users that have joined the WLAN with MAC authentication are listed with the MAC addresses of their devices and not with their username (like on the WPA+WPA2 WLAN).
Is there a way to find the username (client) that is logged in on a specific MAC-authenticated device? This will be quite useful for monitoring of users (and services).
When you create a MAC address filter on WLCs, users are granted or denied access to the WLAN network based on the MAC address of the client they use.
There are two types of MAC authentication that are supported on WLCs:
Local MAC authentication
MAC authentication using a RADIUS server
With local MAC authentication, user MAC addresses are stored in a database on the WLC. When a user tries to access the WLAN that is configured for MAC filtering, the client MAC address is validated against the local database on the WLC, and the client is granted access to the WLAN if the authentication is successful.
By default, the WLC local database supports up to 512 user entries.
The local user database is limited to a maximum of 2048 entries. The local database stores entries for these items:
Local management users, which includes lobby ambassadors
Local network users, which includes guest users
MAC filter entries
Exclusion list entries
Access point authorization list entries
Together, all of these types of users cannot exceed the configured database size.
In order to increase the local database, use this command from the CLI:
<Cisco Controller>config database size ?
<count> Enter the maximum number of entries (512-2048)
Alternatively, MAC address authentication can also be performed using a RADIUS server. The only difference is that the users' MAC address database is stored on the RADIUS server instead of the WLC. When a user database is stored on a RADIUS server, the WLC forwards the MAC address of the client to the RADIUS server for client validation. Then, the RADIUS server validates the MAC address based on the database it has. If the client authentication is successful, the client is granted access to the WLAN. Any RADIUS server which supports MAC address authentication can be used.