cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

380
Views
0
Helpful
1
Replies
loadingload
Beginner

Cisco ACS MAB and certificate authentication on different SSID

Hi all,

I am working on cisco WLC and acs 5.5. I have some AAA questions struggling for days but hardly find related information on the web.

I want to create a new ssid (e.g. ABC-ssid) on the WLC using MAB with mac address stored on the acs, while other remaining ssids keep being authenticated on the same acs with machine cert.

However, when I configure the MAC with host lookup on acs, will it override the machine cert (CN) authentication set on other ssid?

Can both authentication methods coexist on the same acs?

Also, MAB only applies to that ABC-ssid. Can I make the MAB ssid-specific?

How could I configure it on the ACS? Do I need to set it on the end device filter on acs?

Many thanks in advance.

1 REPLY 1
Jagdeep Gambhir
Advocate

You should be able to setup MAC filtering on per WLAN id.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0MR1/configuration/guide/wlc_cg70MR1/cg_wlan.html#pgfId-1084782

On ACS you need to setup End station filter using DNIS option and call that condition in the rule.

Regards,

~JG

Do rate helpful posts

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars



Did you miss a previous ISE webinar?

CiscoISE YouTube Channel