I am wondering if it is possible to do MAC pre-authentication (MAC filtering) while also using LDAP for user authentication. For example, users who have their MAC in the MAC filter will be automatically allowed, which the remaining WLAN users will be directed to the Cisco login page to authenticate against an LDAP server.
Also of note, my APs are running in local mode.
Both are independent and it should work.
once client passes layer-2 mac filter, should get an ip, on trying an external url, splash page should show up, entered user credentials uses LDAP for lookup and get authenticated.
But what I was hoping the MAC filter would do is auto-authenticate the user. Example, a board member's iPad would be auto authenticated if the WLC sees their MAC address, so the splash screen would not be bypassed. Is this possible?
#1 MAC filter is L2 and webauth is L3 security, if both options are enabled the wireless client on that wlan passes L2, get ip, request for ext url and shows the splash page.
#2 On MAC filter failure:
the above scenario is irrespective of local/LDAP is used. user lookup kickin only the webauth is processed.