Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
640
Views
0
Helpful
3
Replies

MAC filtering with LDAP

Josh Morris
Level 3
Level 3

‎10-24-2012 08:33 AM - edited ‎07-03-2021 10:54 PM

Hi,

I am wondering if it is possible to do MAC pre-authentication (MAC filtering) while also using LDAP for user authentication. For example, users who have their MAC in the MAC filter will be automatically allowed, which the remaining WLAN users will be directed to the Cisco login page to authenticate against an LDAP server.

Also of note, my APs are running in local mode.

Software: 7.0.220.0

Labels:
0 Helpful
3 Replies 3

Saravanan Lakshmanan
Cisco Employee
Cisco Employee

‎10-24-2012 04:10 PM

Both are independent and it should work.

once client passes layer-2 mac filter, should get an ip, on trying an external url, splash page should show up, entered user credentials uses LDAP for lookup and get authenticated.

0 Helpful

Josh Morris
Level 3
Level 3
In response to Saravanan Lakshmanan

‎10-25-2012 05:02 AM

Thanks,

But what I was hoping the MAC filter would do is auto-authenticate the user. Example, a board member's iPad would be auto authenticated if the WLC sees their MAC address, so the splash screen would not be bypassed. Is this possible?

0 Helpful

Saravanan Lakshmanan
Cisco Employee
Cisco Employee
In response to Josh Morris

‎10-25-2012 11:44 AM

#1 MAC filter is L2 and webauth is L3 security, if both options are enabled the wireless client on that wlan passes L2, get ip, request for ext url and shows the splash page.

#2 On MAC filter failure:

If a WLAN has both a Layer 2 (mac-filter) and Layer 3 security (webauth-on-macfilter-failure) configured, the client moves to RUN state if either one is passed. if it fail Layer 2 security (mac-filter), the client is moved to Layer 3 security (webauth-on-macfilter-failure) i.e, when clients fail on MAC filter, they get automatically switched to webAuth.

difference between #1 & #2

Web policy --> authentication, it can or can't be configured with mac filter, if mac filter enabled then it will be mandatory & can't fail to webauth like above, means it has to pass macfilter first and then webauth also.

the above scenario is irrespective of local/LDAP is used. user lookup kickin only the webauth is processed.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card