Create MAC address filters WLC via RADIUS Server

Steve Cunningham · ‎02-28-2014

Cisco 5508 WLC works fine and MAC Address filtering ( no user auth) works fine as well, with the MAC Addr filter on the WLC. Would like to place the MAC addr filter list on a FREE Radius server NOT Cisco ACS.

I beleive the user id and pw must be the MAC address anyomne confirm ?

Question:

How to configure the WLAN ID # into the RADIUS server so that is passed along with the "Username/PW" ?

Would like to use the FREE Radius server NOT Cisco ACS

Has anyone done this and can you share a Free Radius config file please ?

steve

Saurav Lodh · ‎03-06-2014

Please use the below for RADIUS attributes

http://www.cisco.com/c/en/us/support/docs/wireless/4100-series-wireless-lan-controllers/96103-wlc-attributes.html

Steve Cunningham · ‎03-06-2014

Good Morning-

Thank you for the Info on the Airspace attributes I got that. Now I set up FreeRadius and I createa user with the username and Cleartext password to be the mac address. Using the radtest program I get a postive response "Access Accept" and the WLAM attribute is passed

BUT

When i do the real deal with the controller things fail. Watching the Radius debug and the output of radiusd -X on the server. It appears that the WLC is sending the Radius SECRET as the user password ! I think the actual construction of the users file is the issue. Do you have an example of a FREE Radius users file.

The end goal is that a Computer can gain Wireless access based only on it's MAC address no WPA or WPA2 MAC address only. This works if we build the "users" table on the WLC directly, but that is very limited. We want to use the Free Radius server as the data set to hold the MAC addr of more than 500 machines. The attributes is one part but the construction of the users file so that the supplicant's MAC address is processed properly

steve