cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
435
Views
5
Helpful
3
Replies

Dynamic mac address authentication

manvik
Participant
Participant

how's everyone tackling the dynamic MAC address challenge in new android & Mac devices. Our SSID is MAC filtered, MAC address is added to WLC and those are permitted to connect.

Issue is client device MAC address keeps on changing as it has dynamic mac enabled.

1 Accepted Solution

Accepted Solutions

ammahend
VIP
VIP

I understand you don’t have ise, but this might give you a good outlook on your problem

 

https://community.cisco.com/t5/security-documents/random-mac-address-how-to-deal-with-it-using-ise/ta-p/4049321


there is no silver bullet to this issue, if it’s managed device then you can use MDM to turn off max randomization, otherwise move away from MAB to 802.1X, MAB it’s highly insecure anyways. 

hope this helps 

 

-hope this helps-

View solution in original post

3 Replies 3

ammahend
VIP
VIP

I understand you don’t have ise, but this might give you a good outlook on your problem

 

https://community.cisco.com/t5/security-documents/random-mac-address-how-to-deal-with-it-using-ise/ta-p/4049321


there is no silver bullet to this issue, if it’s managed device then you can use MDM to turn off max randomization, otherwise move away from MAB to 802.1X, MAB it’s highly insecure anyways. 

hope this helps 

 

-hope this helps-

@ammahend you are right, we are not using ISE or MDM. I think there's no option now we can't use WLC MAC filtering until client turns of dynamic mac address.

Hi

 This feature only make netadmin lifes harder. To me, the best option is disable it. I see no gain and a lot of problem, inclusive in ISE. 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: