Cisco Support Community
Community Member

Issue with RADIUS based MAC filter on 5760

Hi all,

I am currently in the process of testing a WPA2-secured wireless LAN with a MAC filter hosted on the very same ACS server which is used for user authentication. The MACs themselves, however, are not hosted on the ACS but stored on an LDAP server.
I got it to work without issues when using, say, a 5508.

The ACS log only said that the user authentication failed, but no further reason.

I did a debug on the whole communication from the 5760 to the ACS to the LDAP server and noticed one difference. The packet capture revealed that the password sent along with the LDAP bind request when authenticating over the 5760 is not the same as the one using a 5508. It seems to be scrambled. Subsequently I wanted to know what happens when using the ACS directly as the MAC host. Did not work either. I suspect something similar here as well. Unfortunately I cannot directly view the clear text user-password attribute in the RADIUS request, as it is encrypted.

Did anyone else stumble upon this pitfall and manage to get it to work?


Community Member

With help from TAC this issue could be solved.

The necessary commands are found in the AAA server group.

aaa group server radius server_grp
 subscriber mac-filtering security-mode mac|none|shared-secret
 mac-delimiter colon|hyphen|none|single-hyphen
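
Added example, not part of the original posts and not Cisco code: when troubleshooting from a packet capture, the User-Password attribute can be un-hidden with the RADIUS shared secret (RFC 2865, section 5.2) and compared against what the security-mode and mac-delimiter keywords above suggest. The keyword-to-value mapping used here (mac = MAC as password, none = empty password, shared-secret = the secret as password, and the four delimiter layouts) is an assumption taken from the keyword names; the MAC, secret and authenticator in the usage note are constructed.

```python
import hashlib

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2 hiding as done by the NAS; used here to build sample input."""
    padded = (password + b"\x00" * (-len(password) % 16)) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out, prev = out + block, block
    return out

def reveal_user_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Recover the clear-text User-Password from the attribute value in a capture."""
    if not hidden or len(hidden) % 16:
        raise ValueError("User-Password value must be a non-empty multiple of 16 bytes")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block  # each key block chains on the previous ciphertext block
    return out.rstrip(b"\x00")

def format_mac(mac_hex: str, delimiter: str) -> str:
    """Assumed layouts for the mac-delimiter keywords."""
    h = mac_hex.lower()
    if delimiter == "none":
        return h
    if delimiter == "single-hyphen":
        return h[:6] + "-" + h[6:]
    sep = ":" if delimiter == "colon" else "-"
    return sep.join(h[i:i + 2] for i in range(0, 12, 2))

def classify(password: bytes, mac_hex: str, secret: bytes):
    """Guess which (security-mode, mac-delimiter) produced the recovered password."""
    if password == secret:
        return ("shared-secret", None)
    if password == b"":
        return ("none", None)
    for delim in ("colon", "hyphen", "none", "single-hyphen"):
        if password.decode("ascii", "replace").lower() == format_mac(mac_hex, delim):
            return ("mac", delim)
    return ("unknown", None)
```

For a captured Access-Request, pass the raw User-Password value and the 16-byte Request Authenticator from the packet header to `reveal_user_password`, then give the result to `classify` together with the client MAC as 12 hex digits.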
