05-12-2019 11:08 PM - edited 07-05-2021 10:23 AM
Hello Experts,
MAB ==> For Wired Client only ==> If dot1x authentication fails, then Mac authentication is tried.
MAC Authentication Failover to 802.1X ==> If mac authentication fails, then try dot1x authentication.
1. Is there not any MAB equivalent in wireless, wherein if dot1x authentication fails for wireless clients than MAB is tried?
2. If we enable mac authentication on a WLAN, will it consume any end point license from ISE?
05-13-2019 05:45 AM
05-14-2019 01:02 AM
Thanks Patoberli for the response.
Is MAC authentication with Radius for WPA2-PSK SSID even supported?
05-14-2019 01:35 AM
05-14-2019 02:26 AM
MAB and dot1.x can't be configure on the same SSID.
Please check the doc for IPSK Deployment Cisco WLC and ISE
05-14-2019 04:09 AM
Hi Ravindran,
Thanks for the response and the link.
I am not looking for dot1x and MAB on the same SSID.
The combination that I am looking out for is wpa2-psk + mac authentication via Radius.
05-14-2019 04:59 AM
05-14-2019 05:08 AM
Yes, That can be done.
You have to configure the SSID with WPA2+PSK and MAC filtering , In the AAA server you have to map the radius server which you want to use for MAB.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide