
Authentication PSK & MAC-filtering for RADIUS AuthZ

Trying to fill the gap here:
1) A PSK-authenticated SSID is mapped to the default L2VNID#1 (VLAN).
2) Depending on the MAC address, a client of the SSID must land in either the default or the non-default L2VNID#2.

You decide to apply MAC filtering to the SSID and direct the WLC to request AuthZ from ISE, where you have configured a non-default rule to match the endpoint's MAC against a designated EID-group and to return L2VNID#2 in Tunnel-Private-Group-ID. The default rule just returns AccessAccept (it's still needed for the rest of the endpoints). Now you need all MACs targeted for L2VNID#2 to be members of the designated EID-group. And you think you don't need to list the rest of the SSID's clients anywhere, because successful authentication requires only matching the proper PSK.

Everything looks good until you recall that all clients of the SSID are now subject to AuthC. You could configure the default AuthC rule to use Internal Endpoints, and it would do the job for those endpoints you coded as members of the designated EID-group. But what to do for the rest of the endpoints? You don't want to create a separate EID-group for them. You then think about modifying the default AuthC rule to look like this:

[Screenshot: andydoesntlikeuucp_0-1725525006894.png]

Do you achieve the goal at this point? Any ideas?

 

 
