03-25-2025 06:39 AM
Hello,
We are configuring Cisco Embedded Wireless Controller on a C9115AX Access Point. We are having some difficulties when configuring two separate SSIDs named AD_User and MAC_User. We want "AD_User" to have AD/RADIUS integration so that the AD user/password will be used to get WiFi access; on the other hand, SSID "MAC_User" will be authenticated via MAC with/without user/password.
But the above two scenarios are not working at the same time; AD_User works with AD credentials but then the MAC user does not work, and vice versa.
Can anyone confirm if this is a limitation of EWLC? If not, then how to configure it? Any specific documents or guidelines, please.
Thanks & Regards,
Muzammel Haque
03-25-2025 06:46 AM - edited 03-25-2025 06:50 AM
What RADIUS server are you using? I know with Cisco ISE you can do MAB, MAC address bypass with rules, and with AD creds you can do EAP-PEAP with either user creds or machine credentials. This is not a limitation of EWC or really any wireless system. It depends on your rules and how you combine them to make things work.
To clarify, you do have two separate SSIDs. Are you saying that only one works at a time, or are you trying to switch from one to the other and vice versa and that is causing issues? You really want to create SSIDs where users will only connect to one or the other, not both, as that can be an issue also.
What I would do is build one SSID at a time and get them working. PEAP with AD creds is really what you need. I would believe the MAB is for dumb devices; can't those do PSK?
03-25-2025 10:40 AM
Hi Scott,
Thank you for your reply. We have Microsoft NPS as RADIUS. Actually, I have created two SSIDs: 1. AD_User and 2. MAC_User. The target is to configure AD_User with AD authentication and MAC_User with MAC bindings and local WLC authentication.
The above two SSIDs and authentication work separately but not both at the same time.
Thanks,
Muzammel
03-26-2025 06:29 AM
What do you mean by the same time? You want to use both at the same time, so like a device connects to wireless, then the user has to enter their AD credentials and if that passes, then check if the MAC address exists in a database?
03-26-2025 08:10 AM
I mean AD users will use SSID "AD_Users" with their domain username & password, and the users who don't have AD accounts will use the "MAC_Users" SSID with MAC bindings and with/without username/password.
Thanks,
Muzammel
03-26-2025 10:28 AM
I think this will be a limitation on NPS not on the wireless. SSID "AD_Users" should work normally, but your SSID "MAC_Users", where does this database live? Why not just use PSK for those that don't have AD credentials?
https://www.cisco.com/c/en/us/td/docs/wireless/controller/ewc/16-12/config-guide/ewc_cg_16_12/mac_authentication_bypass.html