Solved: Re: Mobility Express WPA2 Personal + AAA Override

049dtrapp · ‎09-05-2018

Hello,

on our WLC's (8510 + 2504s) we are using WPA2 Personal together with Mac Filtering and AAA Override.

This config helps us to bring Devices flexible into the Network, like MAB on the Wired Side.

I've tried to configure that on our Mobility Express (2802e ME Version 8.7) without success. I can enable AAA Override, and MAC Filtering but i can't add any Radius Server to the WLAN (enable MAC Filtering likes to have local configured MAC Adresses).

In addition i've configured the Radius Server via CLI to the WLAn without success.

Any ideas? Is this possible on the ME?

Thanks for your answers in advance

Dirk

049dtrapp · ‎10-11-2018

Hi,

it tooks a while but now we've tested the config into our production environment, and it is working!

Thank you for your help!

Best regards

Dirk

View solution in original post

049dtrapp · ‎09-12-2018

No one with an idea for this issue?

Dirk

Sandeep Choudhary · ‎09-12-2018

which software you are running on ME AP ?

I have 8.5.120 and can enable MAC filtering and have a option to add RADIUS server as well.

Regards

Dont forget to rate helpful posts

049dtrapp · ‎09-12-2018

Hi Sandeep,

we are running 8.7.106 on the ME.

When I enable MAC Filtering then there is a advice

"Local MAC Addresses' list is empty, which will result in loss of connectivity for this SSID"

That's all.

No "add Option" for the Radius Server at the WLAN Security Tab.

Regards Dirk

Sandeep Choudhary · ‎09-12-2018

After enabling MAC Filerting Tab, did you select the secutrity type to WPA2 Enterprise ?

Regards

Dont forget to rate helpful posts

049dtrapp · ‎09-12-2018

No.

because the Idea is to use the WPA Personal with static Passphrase before the Radius Authentication via MAC occurs.

Thats what we are doing on our 2504 and the 8510 WLC we are having.

Sandeep Choudhary · ‎09-12-2018

Agree.

Not much option available via GUI.

You must try with CLI if its possoible or not!!

Regards

Dont forget to rate helpful posts

049dtrapp · ‎09-12-2018

To be honest:I did that already.

I've configured the Radius Server to the SSID without Success...

Sandeep Choudhary · ‎09-12-2018

Ok i will test in my LAB .....and let you know the result.

Regards

Sandeep Choudhary · ‎09-12-2018

UPDATE: I tried in my lab and its working.

WPA2- personal with MAC filtering/AAA Override and radius server configuration under wlan on 1832 AP.

049dtrapp · ‎09-12-2018

Great!

You configured this on the CLI?

Could you provide me the relevant part of the Config?

Seams that i forgott something

Sandeep Choudhary · ‎09-12-2018

Hi,

Here are my config:

config wlan create 4 TEST TEST
config wlan security wpa wpa2 ciphers aes enable 4
config wlan security wpa akm 802.1x disable 4
config wlan security wpa akm psk enable 4
config wlan security wpa akm psk set-key ascii cisco123 4
config wlan aaa-override enable 4
config wlan mac-filtering enable 4

first add ISE server in ME AP

then use these commands:

config wlan radius_server auth enable 4
config wlan radius_server acct enable 4

it will work for you if you setup the correct policies in ISE.

Regards
Dont forgetto rate helpful posts

049dtrapp · ‎09-13-2018

Hi,

thank you for your Config.

It is working now in my LAB.

And what i forgot to tell even with VLAN rewrite via Radius!

We are using an alternative NAC Radius Server based on Freeradius here.

Finaly i've to wait for the test into our Production Environment. Only difference here is that we are using two Radius Servers for additional SSID's

After final testing i will inform.

049dtrapp · ‎10-11-2018

Hi,

it tooks a while but now we've tested the config into our production environment, and it is working!

Thank you for your help!

Best regards

Dirk

Sandeep Choudhary · ‎10-11-2018

Glad it worked.

Regards

Please rate all helpful posts and mark reply post as answered(Not yours)