cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3314
Views
10
Helpful
3
Replies

Cisco WLC MAC Filtering Integration with ISE and 802.1x

Hi,

I want to perform authentication on a new SSID based on the MAC address of the device and then give access to the user based on the policy that i have create on Cisco ISE.

Can you please tell me if i can perform such a solution and how i can do it on ISE;

Ι have already create the new SSID with the Mac Filtering enabled.

 

Thank you.

 

3 Replies 3

howon
Cisco Employee
Cisco Employee

Since MAC address doesn't provide user identity behind the device there needs to be a way to tie the MAC to a user to be able to assign policy based on the user. This can be done with WebAuth with device registration where upon logging in to a portal page, the MAC address of the client device is added to a certain endpoint group. Then policy can be applied to the endpoint group.

Thank you howon for your solution. Because they do not want the WebAuth from my company for these users, i will try to do it by enabling the Mac Address filtering into the SSID. Then i will create the binding between the Mac Address and an IP from the Vlan for which i have already create a policy to ISE. Finally i will use the Identity Awareness on my firewall in order to permit specific users. 

So at the end i suppose that through this way i will manage to control both a limited number of mac address and a limited number of users. 

Do you think that this solution will work;

Nadia Bbz
Level 1
Level 1

Hi ;

 

i performed authentication into wireless using both ( mac address + dot1x ) it's work as well, for this you need to create

Endpoint Identity Groups in cisco ise and put in the list of address mac after that you change your rule policy by adding the group