Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

domain authentication with mac address restrictions

I am in a branch office and I have one WLC 5508 and one ACS 4.2 with three WLANs:

WLAN1 with SSID1: for company computers and laptops

WLAN2 with SSID2: for ipads and tablets

WLAN3 with SSID3:  for guests

I am asked to configure WLAN2 as “WLAN2: Provides the Wi-Fi connectivity to ipads and tablets, with back end security using domain authentication with mac address restrictions.

3 REPLIES
Hall of Fame Super Silver

Re: domain authentication with mac address restrictions

So for WLAN 2, you would use 802.1.x PEAP (AD Credentials) and you can also use MAC address filter for that WLAN in the WLC. Here is a guide on Mac filtering.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008084f13b.shtml

I'm guessing your okay with the other SSID's and your radius policies since your only asking about WLAN 2.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

domain authentication with mac address restrictions

Thanks Scott. My only one active directory domain is mapped to ACS group 2 which maps to VLAN1 with WLAN1. Is it possible to map the same domain to another group 3 where my VLAN2 with WLAN2. Like one domain to many groups in ACS. If not what do you thinik is the solution for this case?

Thanks,

Hajir

Hall of Fame Super Silver

domain authentication with mac address restrictions

You would need to create a seperate policy and be able to have a seperation between the two policies... It's kind of hard to explain, but you would have for example:

Policy 1:

Wireless user on this SSID WLAN1

AD on this AD Group (Machine)

Policy 2:

Wireless user on this SSID WLAN 2

AD on this AD Group (USer)

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
171
Views
0
Helpful
3
Replies