
MAC address in catalyst controller

manvik
Level 3

I don't see any option in the 9800 Catalyst controller for MAC address filtering in an SSID. The method mentioned in this link is not working; when I select the auth list in the SSID settings, the list does not show up.

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213922-configure-mac-authentication-ssid-on-cis.html

Accepted Solutions

There is mac filter and mac filter with wpa

For your case check below 

https://0x2142.com/how-to-catalyst-9800-mac-filtering/

MHM

13 Replies

marce1000
VIP

 

 - You may want to revert to configuring through the CLI (only), if applicable and possible
    + What software version is the 9800 controller using?

 M.



-- Each morning when I wake up and look into the mirror I always say 'Why am I so brilliant?'
    When the mirror will then always respond to me with 'The only thing that exceeds your brilliance is your beauty!'

software version 17.3.4c

 

   - The software version is old and EOL, consider 17.12.3

  M.




manvik
Level 3

I have upgraded the version to 17.12.4. What I don't understand is how "Authorization Method" (Security > AAA > AAA Method list > Authorization) and "Device Authentication" (Security > AAA > AAA Advanced > Device authentication) are related.
Also, there's no menu Configuration > Wireless > WLANs > + Add. It's Tag&Profiles > WLAN

Edit WLAN > Security > L2 Security

There are MAC filter options

MHM

manvik
Level 3
Level 3

1. created WLAN and choose Mac filtering in Layer 2 security and choose Authorization list.

manvik_0-1722940618210.png

2. Only option available in Authorization list is below

manvik_1-1722940692592.png

3. Where to configure MAC address now?
4. Below is the only place I saw to add a MAC address; there's an option to select the SSID. Now how do the Authorization list and this MAC address relate or connect?

manvik_2-1722941052169.png

 

 

 

  - Note that any GUI changes are implemented in the running configuration; this is a bit elaborate, but what sometimes helps or can give insights is to look at or take a difference between subsequent versions of the running configuration on an external repository (when making changes with the GUI), then use the intended or viewed running configuration command manually with the CLI and/or use ? for correct command completion info, because in the end it could be a bug in the GUI.

    Appendix: you can always evaluate the configuration of a 9800 controller with the CLI command
                     show tech wireless and feed the output from that into Wireless Config Analyzer
                     Note: use the full command as mentioned in green, WirelessAnalyzer does not work with the
                     output from a simple show tech

 M.




What security do you use?

WPA + MAC filtering?

MHM

Rich R
VIP

It definitely works.
As Marce suggested, I highly recommend using CLI not GUI - it's less confusing - and following the doc step by step.
Since you apparently want to use local MAC authentication, note that the MAC addresses are configured as "username", but it is very important to enter the MAC address as all lower case with no punctuation (no dots, dashes or colons), otherwise it will not match.

Using MAC addresses for security really is not advisable though.  It's not secure (because it's very easy to spoof a MAC address) and with randomised MAC addresses will ultimately become almost impossible.  With the latest version of iOS iPhones do not use hardware MAC even for networks which have Rotating MAC (the new name for Private MAC) disabled.  The non-rotating MAC is still a Private MAC, different for every SSID.
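
The formatting rule from the reply above (MAC entered as the "username", all lower case, no punctuation) and its private-MAC caveat, as an added example that is not part of the original thread and is not Cisco code: a Python helper that normalises an inventory of MAC addresses into that form and flags locally administered addresses, the bit that private/randomised MACs set. The function names and the sample list are assumptions made for illustration.

```python
import re

# Separators (dot, colon, dash) are stripped wherever they appear.
_SEPARATORS = re.compile(r"[.:\-]")
_HEX12 = re.compile(r"[0-9a-f]{12}")


def normalize_mac(raw):
    """Return the MAC as 12 lowercase hex digits with no punctuation, or None if invalid."""
    candidate = _SEPARATORS.sub("", raw.strip().lower())
    return candidate if _HEX12.fullmatch(candidate) else None


def is_locally_administered(mac12):
    """True when the U/L bit (0x02 of the first octet) is set, as in private/randomised MACs."""
    return bool(int(mac12[:2], 16) & 0x02)


def build_allow_list(raw_entries):
    """Normalise entries; return (usernames, private, rejected) with duplicates dropped."""
    usernames, private, rejected = [], [], []
    seen = set()
    for raw in raw_entries:
        mac = normalize_mac(raw)
        if mac is None:
            rejected.append(raw)      # keep the original text so it can be corrected
            continue
        if mac in seen:
            continue                  # same device written in another notation
        seen.add(mac)
        usernames.append(mac)
        if is_locally_administered(mac):
            private.append(mac)       # per-SSID private MAC: unstable as a filter entry
    return usernames, private, rejected


# Constructed sample inventory, not real devices.
SAMPLE = [
    "00:1A:2B:3C:4D:5E",   # colon-separated, upper case
    "001a.2b3c.4d5e",      # dotted form of the same address (duplicate)
    "3C-22-FB-00-11-22",   # dash-separated
    "DA:A1:19:00:00:01",   # U/L bit set: typical of a private MAC
    "00:1A:2B:3C:4D",      # too short
    "zz:1a:2b:3c:4d:5e",   # not hex
]

if __name__ == "__main__":
    usernames, private, rejected = build_allow_list(SAMPLE)
    print("usernames:", usernames)
    print("private:", private)
    print("rejected:", rejected)
```

Entries reported as private are worth checking against the device itself, since a client presenting a per-SSID private MAC will not match an entry recorded from its hardware address.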

manvik
Level 3

I could not find proper step-by-step documentation other than this. Anyone trying to set up a MAC address filter SSID in a Catalyst controller can try these steps:

https://0x2142.com/how-to-catalyst-9800-mac-filtering/

I already shared this link days ago

Maybe you missed it

MHM
