01-24-2017 10:17 AM - edited 03-08-2019 09:02 AM
Hi all,
We have a Cisco WLAN device that has an "employee" BYOD network. We started MAC filtering on "employee" to limit access due to bandwidth concerns. Our Windows domain controller is now getting RADIUS requests from MACs that aren't on the whitelist with the MAC as the user name. The employee network is set up to receive DHCP/IP info from the DC, but we don't want RADIUS authentication. The MACs are being used as user names. Only our separate "secure" network for laptops automatically logs in and authenticates against Active Directory. How do we stop this behavior?
We don't need a RADIUS server for "employee" - it can authenticate against the whitelist on the WLAN's database.
Screenshots of current settings are attached. Thanks.
Regards,
David
01-24-2017 12:21 PM
Hello,
I am not clear on what you are asking. You don't want users from the 'employee' network to send RADIUS authentication requests to the Windows DC?
01-24-2017 12:27 PM
Hi Georg,
That's exactly right - only the local database for MAC filtering. I'm afraid to turn off the RADIUS server that's under the WLAN Security tab for fear of breaking the 'secure' network for laptops. The 'employee' WLAN security settings have authentication checked, so maybe just uncheck there? ...We're between networking people.
Thanks
regards,
david
01-24-2017 12:52 PM
Hello,
There are no authentication servers configured anyway, so you might as well turn it off, since none of the other users need it either.
I am thinking, is there a way to deny RADIUS requests (usually coming from port 1645 or 1812) on the Windows DC?
01-24-2017 01:02 PM
I'll give it a shot. Thank you.
01-24-2017 01:41 PM
Hello
Under the "employee" SSID Layer 2 security tab, try disabling L2 altogether and just have MAC filtering enabled. Also, you shouldn't have RADIUS enabled for that SSID; this can be turned off.
I am assuming you want the WLC to perform the whitelisting? If so, then if I remember, you need to specify that from under the controller's security tab.
At present I don't have access to our WLCs to verify.
res
Paul
Kind Regards
Paul
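
An added example, not part of the thread or any poster's code: a way to confirm on the RADIUS server side which requests are MAC-filter lookups, by picking out User-Name values that are MAC addresses, dropping whitelisted ones, and grouping the rest by SSID. The sample records, the whitelist and the "AP MAC:SSID" layout of Called-Station-Id are constructed assumptions; adapt the parsing to your actual log export.

```python
import re
from collections import Counter

# Constructed sample records (not real NPS log lines): (User-Name, Called-Station-Id).
# Assumption: the controller sends Called-Station-Id as "<AP MAC>:<SSID>".
SAMPLE_REQUESTS = [
    ("aabbccddeeff", "00-11-22-33-44-55:employee"),
    ("AA-BB-CC-DD-EE-01", "00-11-22-33-44-55:employee"),
    ("aabb.ccdd.ee02", "00-11-22-33-44-66:employee"),
    ("aa:bb:cc:dd:ee:01", "00-11-22-33-44-66:employee"),
    ("CORP\\jsmith", "00-11-22-33-44-55:secure"),
    ("host/laptop7.corp.example", "00-11-22-33-44-55:secure"),
]
# Constructed whitelist, standing in for the controller's local MAC filter list.
WHITELIST = {"aa:bb:cc:dd:ee:ff"}


def normalize_mac(value):
    """Return 'aa:bb:cc:dd:ee:ff' if value is a MAC in a common notation, else None."""
    hexonly = re.sub(r"[-:.]", "", value.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", hexonly):
        return None
    return ":".join(hexonly[i:i + 2] for i in range(0, 12, 2))


def ssid_of(called_station_id):
    """SSID is whatever follows the last ':' (assumed attribute layout)."""
    return called_station_id.rsplit(":", 1)[-1] if ":" in called_station_id else ""


def mac_auth_requests(requests, whitelist):
    """Count MAC-as-username requests per (SSID, MAC) for MACs not on the whitelist."""
    allowed = {normalize_mac(m) for m in whitelist}
    hits = Counter()
    for user_name, called_station_id in requests:
        mac = normalize_mac(user_name)
        if mac is None or mac in allowed:
            continue  # a real user/machine name, or a device the filter permits
        hits[(ssid_of(called_station_id), mac)] += 1
    return hits


if __name__ == "__main__":
    found = mac_auth_requests(SAMPLE_REQUESTS, WHITELIST)
    for (ssid, mac), count in sorted(found.items()):
        print(f"{ssid}\t{mac}\t{count}")
```

If every hit carries the "employee" SSID and none carries "secure", the requests come from that WLAN's MAC filtering rather than from the laptops' own authentication.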
