09-14-2012 08:35 PM - edited 03-10-2019 07:33 PM
Hi guys,
I have a lab with an ISE ver 1.1.1 installed on VMware, a Switch 3750, a WLC 4200 and one AP registered on the WLC. The WLC and AP are connected to the switch. We are testing user authentication using a Samsung tablet and it works OK. The authentication process is using the actual AD. The issue is when I try to authenticate the device using its MAC address. I'm reading many papers, but none of them explains the steps to do both authentications, by user and by MAC address, using the ISE.
Can anyone help me with the MAC address authentication process on ISE? In the final deployment our client wants to use user and device authentication.
Thank you for your attention on this matter.
09-14-2012 10:37 PM
Hugo,
Can you please post the configuration of your port? You might want to consider device registration web authentication. This is a feature that you can enable which creates a portal that appears to be an AUP page and statically assigns the users to an endpoint identity group. I posted a write-up of this, with screenshots and the user experience, which can be found here:
https://supportforums.cisco.com/docs/DOC-26667
You can download the PDF; it looks much better.
Thanks,
Tarik Admani
*Please rate helpful posts*
09-17-2012 07:24 AM
Hi Tarik,
Thanks for your reply,
The port configuration of the SW is this:
DEMOSW# sh run int Gi2/0/11
 description Access Wireless LAN Controller
 switchport trunk encapsulation dot1q
 switchport mode trunk
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 mab
 dot1x pae authenticator
 spanning-tree portfast

DEMOSW# sh run int Gi2/0/12
 description Access Point
 switchport access vlan 103
 spanning-tree portfast
Our goal is that the tablets' MAC addresses can be authenticated using the ISE Internal Endpoints Database.
I hope you can help me with it.
Thank you for your attention on this matter.
Regards.
09-17-2012 07:42 AM
Hugo,
If you are trying to authenticate the tablets via wireless then you must have the MAC filtering option set in the Layer 2 Security submenu on the WLC. What version of code are you running on the WLC?
Thanks,
Tarik Admani
*Please rate helpful posts*
09-17-2012 08:19 AM
Hi Tarik,
Version of IOS: 7.0.235.0
It is a Cisco WLC 4400 Series.
Let me know if you need anything else.
Regards.
09-17-2012 06:29 PM
Hugo,
Do you have MAC filtering enabled? If so, do you see the MAC address being authenticated successfully? You will have to enable both MAC filtering and dot1x authentication.
Thanks,
Tarik Admani
*Please rate helpful posts*