Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1007
Views
0
Helpful
4
Replies

MAC Filtering with Anchors

roadhouse1387
Level 1
Level 1

‎10-12-2015 07:03 AM - edited ‎07-05-2021 04:05 AM

Hi All,

quick question, I need to configure MAC filtering to allow a client to access a network attached to an anchor controller.

There is an existing web passthrough wlan on the foreign controller which allows guests to access the internet on a dynamic interface on the anchor controller in the usual manner, which works fine (DHCP is via the anchor controller locally and there are no AP's on the anchor). Now there is a requirement to allow a handfull of devices to access the internet using mac filtering.

So I will set up another SSID for now on both controllers and anchor them together, then , on the anchor, I candrop them onto the same dynamic interface as the current web passthrough WLAN uses, which should work ok.

However, my question is this, do i configure the local MAC filter list of allowed MACs on the foreign or anchor controller or both ?

also, in the event of scaling this to use radius, who sends the radius requests for mac clients ? the anchor or the foreign controller ?

Many Thanks

 

Labels:
0 Helpful
4 Replies 4

roadhouse1387
Level 1
Level 1

‎12-12-2015 07:48 AM

bumping this in the hope someone can help ?

i have looked at mac bypass on failure but the current anchor uses a web passthrough page.

im just looking to create an open SSID with a mac list on the (anchor presumably ?) WLC.

Am i going to be able to do this ok

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to roadhouse1387

‎12-13-2015 11:25 AM

So how this works... Been a while:), if a device doesn't hit the Mac filter, fails, then the device is redirected to webauth.  So since your using Passthrough, this becomes a "work around".  You will have to create a a webauth page and then customize that page to have a username and password in which the fields are hidden and you set a value for those fields. You would create a generic local user account for this value. Since the field is hidden and when a user hit accept, the controller will use a webauth, but it's really seen as Passthrough because the fields are hidden and the end user can't change that.  This is how you can "work around" and be able to use the Mac filter failure option. 

Hope this helps

-Scott

*** Please rate helpful post ***

-Scott
*** Please rate helpful posts ***
0 Helpful

Eric Glodowski
Level 1
Level 1
In response to Scott Fella

‎03-16-2016 11:11 AM

What if you are using PSK for the SSID on the foreign/anchor?  Would MAC Filtering need to be checked on the WLAN of the foreign WLC?  Would I need to configure the RADIUS auth server on the foreign as well?  Or just the anchor?

0 Helpful

Eric Glodowski
Level 1
Level 1
In response to Eric Glodowski

‎03-17-2016 12:18 PM

Testing confirms RADIUS server config is required only on anchor.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card