cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

305
Views
0
Helpful
1
Replies
Highlighted
Beginner

Cisco ACS MAB and certificate authentication on different SSID

Hi all,

I am working on cisco WLC and acs 5.5. I have some AAA questions struggling for days but hardly find related information on the web.

I want to create a new ssid (e.g. ABC-ssid) on the WLC using MAB with mac address stored on the acs, while other remaining ssids keep being authenticated on the same acs with machine cert.

However, when I configure the MAC with host lookup on acs, will it override the machine cert (CN) authentication set on other ssid?

Can both authentication methods coexist on the same acs?

Also, MAB only applies to that ABC-ssid. Can I make the MAB ssid-specific?

How could I configure it on the ACS? Do I need to set it on the end device filter on acs?

Many thanks in advance.

1 REPLY 1
Highlighted

You should be able to setup MAC filtering on per WLAN id.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0MR1/configuration/guide/wlc_cg70MR1/cg_wlan.html#pgfId-1084782

On ACS you need to setup End station filter using DNIS option and call that condition in the rule.

Regards,

~JG

Do rate helpful posts

Content for Community-Ad