Participant

MAC filtering with LDAP

Hi,

I am wondering if it is possible to do MAC pre-authentication (MAC filtering) while also using LDAP for user authentication. For example, users who have their MAC in the MAC filter will be automatically allowed, while the remaining WLAN users will be directed to the Cisco login page to authenticate against an LDAP server.

Also of note, my APs are running in local mode.

Software: 7.0.220.0

3 REPLIES 3
Cisco Employee

Both are independent and it should work.

Once the client passes the layer-2 MAC filter, it should get an IP; on trying an external URL, the splash page should show up, and the entered user credentials use LDAP for lookup and get authenticated.


Thanks,

But what I was hoping the MAC filter would do is auto-authenticate the user. Example, a board member's iPad would be auto authenticated if the WLC sees their MAC address, so the splash screen would not be bypassed. Is this possible?


#1 MAC filter is L2 and webauth is L3 security. If both options are enabled, the wireless client on that WLAN passes L2, gets an IP, requests an external URL, and is shown the splash page.

#2 On MAC filter failure:

If a WLAN has both a Layer 2 (mac-filter) and Layer 3 security (webauth-on-macfilter-failure) configured, the client moves to RUN state if either one is passed. If it fails Layer 2 security (mac-filter), the client is moved to Layer 3 security (webauth-on-macfilter-failure), i.e., when clients fail on MAC filter, they get automatically switched to webAuth.

Difference between #1 & #2:

Web policy --> authentication: it can be configured with or without MAC filter. If MAC filter is enabled, then it is mandatory and can't fail over to webauth as above, meaning the client has to pass the MAC filter first and then webauth as well.

The above scenario applies irrespective of whether local or LDAP is used. User lookup kicks in only when the webauth is processed.