Wireless MAC Filtering by ISE cannot succeed!

Hi,

We use an ISE as the AAA server, and we have two wireless controllers with the same PID.

Clients can do MAC filter authentication from one WLC (site1), but cannot be authenticated by another WLC (site2) that has the same config as that WLC.

Here is the simple topo:

QQ图片20190805181305.png

Could you please help me to resolve this issue?

 

Thanks a lot !

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !
7 Replies

Francesco Molino
VIP Alumni
Hi,
The configs are the same on both WLCs for the SSID you're using. This means that authentication requests based on MAC address should be redirected to your ISE server.
What logs do you see on your ISE server? Can you share the info please?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Haydn Andrews
VIP Alumni
Not enough information here

Are you getting any ISE logs from the WLC that is not working? Can you share them?

Can you confirm the WLAN settings are the exact same on both WLCs

Can you confirm that both WLCs are configured as network devices on ISE and using the same profile for the MAB authentication?

Your diagram says LAN; are both WLCs on the same subnet? There are no ACLs or Firewalls between the WLCs and ISE?

*****Help out others by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***

Thanks for your response !

Are you getting any ISE logs from the WLC that is not working? Can you share them?
1. I cannot find the log about the client trying to connect; I think ISE may drop the packets. I can find RADIUS Drops as below:
RADIUS Drops

Endpoint Details:Endpoint Id:......
Failure Reason:11007 Could not locate network device or AAA client
...

Can you confirm the WLAN settings are the exact same on both WLCs
2. I confirm the WLAN settings are exactly the same on both WLCs.

Can you confirm that both WLCs are configured as network devices on ISE and using the same profile for the MAB authentication?
3. Both WLCs are configured as network devices on ISE and are using the same profile for the MAB authentication.

Your diagram says LAN; are both WLCs on the same subnet? There are no ACLs or Firewalls between the WLCs and ISE?
4. Yes, both WLCs are on the same subnet. There are no ACLs or FW between the WLCs and ISE.

Thanks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

Supplementary screenshot
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

Is there anyone who can provide some suggestions? ^_^
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

In your screenshot it's mentioned that your NAD isn't found in your ISE. Can you make sure you've created your 2nd WLC as a NAD in ISE and share the output showing it?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Yes, this is a strange aspect that I feel. I have added two WLCs to ISE and checked that there is no problem, but there is such a mistake in ISE, I don't know if there are other problems. Maybe I will try to delete another WLC and then add it again.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !