02-26-2016 02:23 PM - edited 07-05-2021 04:41 AM
Hello
I am in the process of configuring guest wifi network using WLC and ISE. I configured Open authentication and mac address filtering so that I can monitor and allow the users based on mac addresses.
Problem:
Once I am authenticated, ISE profiled my device and can access the network. However I can spoof the mac address of the profiled device (my phone) and am able to connect from my laptop using the same mac. No further authentication is needed to access the wifi.
Wanted to check if there is any solution on WLC or ISE to prevent spoofing?
Please advise
Thanks
Venkat
02-26-2016 03:04 PM
OPEN authentication and MAC address filtering ... will work well in a lab but in production someone will have to manually add and remove the MAC address. Not efficient.
Kindly explain the thinking for enabling MAC address filtering. I mean it's more than easy to just have a PSK and the key gets changed regularly (daily or weekly).
02-27-2016 04:40 PM
Actually when the mac is passed to ISE it is automatically seen on the user self registration page so the user don't have to enter the mac. I didn't prefer PEAP with certs as they have to be managed and sent securely to the users
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide