cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3405
Views
10
Helpful
14
Replies

Mobility Express WPA2 Personal + AAA Override

049dtrapp
Level 1
Level 1

Hello,

 

on our WLC's (8510 + 2504s) we are using WPA2 Personal together with Mac Filtering and AAA Override.

This config helps us to bring Devices flexible into the Network, like MAB on the Wired Side.

I've tried to configure that on our Mobility Express (2802e ME Version 8.7) without success. I can enable AAA Override, and MAC Filtering but i can't add any Radius Server to the WLAN (enable MAC Filtering likes to have local configured MAC Adresses).

In addition i've configured the Radius Server via CLI to the WLAn without success.

Any ideas? Is this possible on the ME?

 

Thanks for your answers in advance

 

Dirk

 

1 Accepted Solution

Accepted Solutions

Hi,

it tooks a while but now we've tested the config into our production environment, and it is working!

Thank you for your help!

 

Best regards

Dirk

View solution in original post

14 Replies 14

049dtrapp
Level 1
Level 1

No one with an idea for this issue?

 

Dirk

Sandeep Choudhary
VIP Alumni
VIP Alumni

which software you are running on ME AP ?

 

I have 8.5.120 and can enable MAC filtering and have a option to add RADIUS server as well.

 

Regards

Dont forget to rate helpful posts

Hi Sandeep,

 

we are running 8.7.106 on the ME.

When I enable MAC Filtering then there is a advice

"Local MAC Addresses' list is empty, which will result in loss of connectivity for this SSID"

That's all.

No "add Option" for the Radius Server at the WLAN Security Tab.

 

Regards Dirk

 

 

After enabling MAC Filerting Tab, did you select the secutrity type to WPA2 Enterprise ?

 

Regards

Dont forget to rate helpful posts

 

 

No.

because the Idea is to use the WPA Personal with static Passphrase before the Radius Authentication via MAC occurs.

Thats what we are doing on our 2504 and the 8510 WLC we are having.

Agree.

Not much option available via GUI.

You must try with CLI if its possoible or not!!

 

Regards

Dont forget to rate helpful posts

To be honest:I did that already.

I've configured the Radius Server to the SSID without Success...

Ok i will test in my LAB .....and let you know the result.

 

 

 

Regards

UPDATE: I tried in my lab and its working.

 

WPA2- personal with MAC filtering/AAA Override and radius server configuration under wlan on 1832 AP.

Great!

You configured this on the CLI?

Could you provide me the relevant part of the Config?

Seams that i forgott something

 

Hi,

Here are my config:

 

config wlan create 4 TEST TEST
config wlan security wpa wpa2 ciphers aes enable 4
config wlan security wpa akm 802.1x disable 4
config wlan security wpa akm psk enable 4
config wlan security wpa akm psk set-key ascii cisco123 4
config wlan aaa-override enable 4
config wlan mac-filtering enable 4


first add ISE server in ME AP

then use these commands:

config wlan radius_server auth enable 4
config wlan radius_server acct enable 4

 

it will work for you if you setup the correct policies in ISE.

 

Regards
Dont forgetto rate helpful posts

 

 

 

 

Hi,

 

thank you for your Config.

It is working now in my LAB.

And what i forgot to tell even with VLAN rewrite via Radius!

We are using an alternative NAC Radius Server based on Freeradius here.

Finaly i've to wait for the test into our Production Environment. Only difference here is that we are using two Radius Servers for additional SSID's

After final testing i will inform.

Hi,

it tooks a while but now we've tested the config into our production environment, and it is working!

Thank you for your help!

 

Best regards

Dirk

Glad it worked.

 

 

 

Regards

Please rate all helpful posts and mark reply post as answered(Not yours)

Review Cisco Networking for a $25 gift card