07-30-2013 07:21 AM - edited 07-04-2021 12:33 AM
We are creating a BYOD network, have any of you tried this?
1) First time user attempts to connect to byod_ssid they are presented with captive portal page that requests AD credentials. In the back ground users MAC address needs to be captured.
2) All subsequent connections to byod_ssid are MAC authenticated.
I am not finding any documentation on this process from the Cisco side. What do you think? Is it possible?
Thanks!
07-30-2013 08:54 AM
you may do this via DRW on ISE
configure ssid with mac filtering, then on ise confignauthz rule with redirect to drw... register your device... CoA sent by ise... connect again and should work
sth similar to below , instead you are using mab
http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_guest_pol.html#wp1220041
Sent from Cisco Technical Support iPad App
07-30-2013 09:01 AM
Sorry, but I forgot to precise that we don't have an ISE
07-30-2013 02:17 PM
Hello,
As per your query i can suggest you the following link to refer-
http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bba10d.shtml
Hope this will help you.
07-31-2013 12:30 AM
Is there any way to do it without ISE because we don't have this appliance?
08-01-2013 12:26 AM
is it possible to do this with configuring a Fallback Policy with MAC Filtering and Web Authentication? but with enough security (layer 2 or 3) to avoid mac address spoofing
08-01-2013 04:13 AM
No... any MAC address has to be manually entered in the WLC. There is no "capture these MAC address and store it" feature on the WLC's.
Sent from Cisco Technical Support iPhone App
08-02-2013 12:48 AM
What about configuring a Fallback Policy with MAC Filtering and Web Authentication?
I want just use this option.
Normally, there is a local database and with enabling the mac filtering and on MAC Filter Failure I have to find the mac address of the authenticate device on the wlc local database.
Authentication is done via AD credentials on a web portal.
08-05-2013 03:24 AM
No suggestion?
08-05-2013 03:55 AM
What exactly are you wanting to do? If you enter the MAC address manually, then that would work. If you expect the WLC to auto generate and store MAC address, it can't.
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide