domain authentication with mac address restrictions

salihsalih5 · ‎02-05-2014

I am in a branch office and I have one WLC 5508 and one ACS 4.2 with three WLANs:

WLAN1 with SSID1: for company computers and laptops

WLAN2 with SSID2: for ipads and tablets

WLAN3 with SSID3: for guests

I am asked to configure WLAN2 as “WLAN2: Provides the Wi-Fi connectivity to ipads and tablets, with back end security using domain authentication with mac address restrictions.

Scott Fella · ‎02-05-2014

So for WLAN 2, you would use 802.1.x PEAP (AD Credentials) and you can also use MAC address filter for that WLAN in the WLC. Here is a guide on Mac filtering.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008084f13b.shtml

I'm guessing your okay with the other SSID's and your radius policies since your only asking about WLAN 2.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

salihsalih5 · ‎02-05-2014

Thanks Scott. My only one active directory domain is mapped to ACS group 2 which maps to VLAN1 with WLAN1. Is it possible to map the same domain to another group 3 where my VLAN2 with WLAN2. Like one domain to many groups in ACS. If not what do you thinik is the solution for this case?

Thanks,

Hajir

Scott Fella · ‎02-05-2014

You would need to create a seperate policy and be able to have a seperation between the two policies... It's kind of hard to explain, but you would have for example:

Policy 1:

Wireless user on this SSID WLAN1

AD on this AD Group (Machine)

Policy 2:

Wireless user on this SSID WLAN 2

AD on this AD Group (USer)

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***