
MAC address filtering with ACS 5.5

tsaven_nava
Level 1

What is the best way to accomplish MAC address filtering using ACS 5.5 for wireless devices?

 

I am setting up an SSID to connect ~2000 wireless devices to our network. These devices will be used by many different people who do not have user accounts on our domain. This SSID will be used only for these devices, and our supplier is providing us with a spreadsheet containing all the devices' MAC addresses.

We have a Cisco WLC to manage our wireless networks, and it can do MAC address filtering on a small scale, but has no way to bulk import/edit/manage MAC addresses, nor an ability to restrict those MACs to a single SSID.

 

Thank you

4 Replies

nspasov
Cisco Employee

Yes, you can do it:

1. You can mass import the endpoints in ACS by using the template located under: Users and Identity Stores > Internal Identity Stores > Hosts > File Operations > select "Add" > then "Download Add Template". Then you will populate the template and use it to import.

2. You must create your appropriate Access Policies. You will need to ensure that they are referencing the internal group where the hosts were imported to.

3. In your WLC, you will have to add the ACS server as a "Radius Server." You will set the "MAC Filtering" under the SSID and then point to the ACS Server(s) under the "AAA Servers" tab.

Hope this helps!

 

Thank you for rating helpful posts!
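An added example (not part of the reply above, and not Cisco's code) for step 1: turning a supplier's MAC list into clean rows for the ACS host import file, rejecting malformed, multicast and duplicate entries before import. The column names in `TEMPLATE_HEADER`, the hyphen-separated output format and the group name `All Groups:ExampleDevices` are assumptions; copy the real header row from the template you download from ACS.

```python
import csv
import io
import re

# ASSUMPTION: placeholder column names. Replace with the exact header row
# from the "Add" template downloaded from ACS.
TEMPLATE_HEADER = ["MACAddress", "description", "enabled", "HostIdentityGroup"]


def normalize_mac(raw):
    """Return the MAC as AA-BB-CC-DD-EE-FF, or None if it is not a usable unicast MAC."""
    digits = re.sub(r"[\s:.\-]", "", raw).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        return None                      # wrong length or non-hex characters
    if int(digits[:2], 16) & 1:
        return None                      # multicast/broadcast bit set: never a client address
    if digits == "0" * 12:
        return None                      # all-zero placeholder value
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_import(supplier_rows, group, description="supplier device"):
    """Return (csv_text, rejected, duplicates) for a list of raw MAC strings."""
    seen, rejected, duplicates = set(), [], []
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(TEMPLATE_HEADER)
    for raw in supplier_rows:
        mac = normalize_mac(raw)
        if mac is None:
            rejected.append(raw)         # report back to the supplier, do not guess
        elif mac in seen:
            duplicates.append(raw)       # same device written in another notation
        else:
            seen.add(mac)
            writer.writerow([mac, description, "true", group])
    return out.getvalue(), rejected, duplicates


# Constructed sample input in the mixed notations a spreadsheet tends to contain.
SAMPLE = ["00:1a:2b:3c:4d:5e", "001A.2B3C.4D5F", "00-1A-2B-3C-4D-5E",
          "001a2b3c4d6", "ff:ff:ff:ff:ff:ff", " 00 1A 2B 3C 4D 60 "]

if __name__ == "__main__":
    text, rejected, duplicates = build_import(SAMPLE, "All Groups:ExampleDevices")
    print(text)
    print("rejected:", rejected)
    print("duplicates:", duplicates)
```

Review the rejected and duplicate lists before importing, since a silently dropped or mistyped address means a device that cannot join the SSID or an unintended address that can.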


Hi,

The same requirement is here, but we additionally require AD authentication. Is it possible for end station filtering and AD authentication to work together?

Kamlesh

nspasov
Cisco Employee

Also found these videos that you might find useful:

https://www.youtube.com/watch?v=x9PgnrTdC6w

https://www.youtube.com/watch?v=XJIw3SWmfE8

 

Thank you for rating helpful posts!


mohanak
Cisco Employee

Network Conditions—You can create filters of the following types to restrict access to the network:

End Station Filters—Based on end stations that initiate and terminate the connection. End stations may be identified by IP address, MAC address, calling line identification (CLI), or dialed number identification service (DNIS) fields obtained from the request.

Network Device Filters—Based on the AAA client that processes the request. A network device can be identified by its IP address, by the device name that is defined in the network device repository, or by the NDG.

Device Port Filters—Network device definition might be supplemented by the device port that the end station is associated with.

Each network device condition defines a list of objects that can then be included in policy conditions, resulting in a set of definitions that are matched against those presented in the request.

The operator that you use in the condition can be either match, in which case the value presented must match at least one entry within the network condition, or no matches, in which case it should not match any entry in the set of objects that is present in the filter.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-5/user/guide/acsuserguide/pol_elem.html