Mac-Auth with IAS works but is not scalable because of the number of required "remote access policies". Basically one remote access policy is required per MAC-Address.
Because the MAC-Address is not send in the RADIUS username attribute but in the RADIUS calling-station-id attribute, you need to match, in the remote access policy, the condition called "calling-station-id" and when that condition is matched, allow "unauthenticated access". This will do the trick.
I'm trying to accomplish the same thing. I have the AP configured to query the IAS server to authenticate MAC addresses. I cant even seem to create a remote access policy that will allow this to happen. I had this all working perfectly on a trial version of Cisco's Secure ACS and figured it would be as easy as changing the Ip addresses of the radius server int he AP config and creating a user id for each MAC on the Microsoft server.
This obviously has not worked. if anyone can offer any king of help with this I'd be thankful.
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...