Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
778
Views
0
Helpful
7
Replies

CISCO ISE Authetication wirelss request with both username and mac address in one rule

mortezasadeghi
Level 1
Level 1

‎12-28-2016 03:08 AM - edited ‎03-11-2019 12:19 AM

Can anyone guide me about how to request authentication of wireless Access with a user name and the MAC Address at the same time.

To prevent the number of device who can connect to the network

Labels:
0 Helpful
7 Replies 7

nspasov
Cisco Employee
Cisco Employee

‎12-30-2016 06:00 PM

Hi there! Quick question: Are you using Cisco Wireless? If yes, you can configure the SSID to perform 802.1x (EAP-PEAP, EAP-TLS, etc) + MAC Filtering. Then in ISE you can configure it to check for both the EAP credentials and the MAC address. However, the issue here is that you have to manually manage mac addresses which can be very time consuming. 

I would recommend that you instead push users through a Web Portal in ISE. Then restrict the maximum number of devices through the Web Portal settings in ISE directly. That way the configuration on the WLC would be simple and you won't have to manually manage mac addresses. 

I hope this helps!

Thank you for rating helpful posts!

0 Helpful

mortezasadeghi
Level 1
Level 1
In response to nspasov

‎12-30-2016 09:21 PM

Hi Neno Spasov

Thanks for Reply

i know, but you can not enable the other layer 2 security except (psk) when the mac filter enable.

0 Helpful

nspasov
Cisco Employee
Cisco Employee
In response to mortezasadeghi

‎01-01-2017 11:29 PM

I thought this feature was introduced with version 8.3 of the WLC but I could be wrong. I am away on vacation right now so I cannot test/confirm it. 

In either case, I would suggest you try my 2nd suggestion (Web Auth) vs manually controlling mac addresses. 

Thank you for rating helpful posts!

0 Helpful

mortezasadeghi
Level 1
Level 1
In response to nspasov

‎01-02-2017 04:38 AM

thank you so much

i found the the solution and it's been working with user pass method either Mac binding together .

0 Helpful

nspasov
Cisco Employee
Cisco Employee
In response to mortezasadeghi

‎01-05-2017 09:58 AM

Great! Glad to hear that you were able to solve your problem! Can you give us a few more details around what was the exact solution and configuration steps required?

Thank you for rating helpful posts!

0 Helpful

sajid_m123
Level 1
Level 1
In response to mortezasadeghi

‎02-02-2017 09:39 AM

Could you please elaborate on user pass method?

0 Helpful

mortezasadeghi
Level 1
Level 1
In response to mortezasadeghi

‎05-09-2017 06:49 AM

Hi all

the solution is

you should create 2 access rule first one for authenticate the mac address match the local database and second rule authenticate the username and password.!

I test it and work correctly.

0 Helpful
Customers Also Viewed These Support Documents