Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
906
Views
0
Helpful
3
Replies

Mac-address authentication per vlan/ssid

pbarman
Level 5
Level 5

‎03-27-2005 12:27 AM - edited ‎07-04-2021 10:37 AM

Requirement is a user with macaddress1 is supposed to connect using SSID abc only. Second user with macaddress2 should connect using SSID xyz only.

If user with macaddress1 ever tries to connect using SSID xyz, he should NOT be given access to the network.

Effectively we are trying to restrict certain mac-addresses to certain vlans (or, ssids) only!

Is it possible to configure this, if so, how?

Thanks for any info provided.

PB

Labels:
0 Helpful
3 Replies 3

Philip D'Ath
VIP Alumni
VIP Alumni

‎03-27-2005 12:31 AM

The easiest way to do this is to tie it in with RADIUS. Then you simply define a policy on the RADIUS server saying user "x" is only valid in SSID "abc".

Might be just as easy to pass the VLAN ID back to the access point that the user is allowed to use.

0 Helpful

pbarman
Level 5
Level 5
In response to Philip D'Ath

‎03-27-2005 02:11 PM

Agreed to the above. However customer wants to tie the macaddress instead of userid with ssid. We can do mac address authentication using radius and have a pool of macaddresses that would be allowed. However what we want is two pools of allowed macaddresses and each tied to its own ssid. Is it possible???

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni
In response to pbarman

‎03-27-2005 05:15 PM

One of the attributes passed by the AP back to the RADIUS server is the SSID.

My thoughts are that you need two RADIUS policies. One that requires a specific SSID and a MAC address from a specified pool, and a second policy for the second SSID and the second pool of MAC addresses.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card