cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
653
Views
0
Helpful
1
Replies

Cisco ACS MAB and certificate authentication on different SSID

loadingload
Level 1
Level 1

Hi all,

I am working on cisco WLC and acs 5.5. I have some AAA questions struggling for days but hardly find related information on the web.

I want to create a new ssid (e.g. ABC-ssid) on the WLC using MAB with mac address stored on the acs, while other remaining ssids keep being authenticated on the same acs with machine cert.

However, when I configure the MAC with host lookup on acs, will it override the machine cert (CN) authentication set on other ssid?

Can both authentication methods coexist on the same acs?

Also, MAB only applies to that ABC-ssid. Can I make the MAB ssid-specific?

How could I configure it on the ACS? Do I need to set it on the end device filter on acs?

Many thanks in advance.

1 Reply 1

Jagdeep Gambhir
Level 10
Level 10

You should be able to setup MAC filtering on per WLAN id.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0MR1/configuration/guide/wlc_cg70MR1/cg_wlan.html#pgfId-1084782

On ACS you need to setup End station filter using DNIS option and call that condition in the rule.

Regards,

~JG

Do rate helpful posts