
Wireless Guest and mac authentication

gnijs
Level 4

Hi all,


I want to set up a wifi guest network with MAC-based authentication.

I already have the guest anchor controller and the remote WLC controller (and the mobility tunnel) up and running.

However, I am uncertain where I have to program the MAC addresses: on the remote WLC or on the guest controller? (for local database MAC)

It seems my authentication only works if I program the MAC address of the 'remote' WLC (the WLC holding the AP).

This is a pity, as I was hoping to centralise all "approved" MAC addresses on the guest controller and not on each individual WLC separately.

Also, suppose I want a RADIUS server to validate the MAC address. Which controller is going to send the RADIUS request? The WLC controller managing the AP or the guest anchor controller?

Does the remote WLC also need to be configured with "Layer2 security: none"+"mac authentication" (the same as the anchor controller) or can I put "Layer2:none" and put the anchor controller on "Layer2: none"+mac authentication?

regards,

Geert

Accepted Solutions

Nicolas Darchis
Cisco Employee

Hi Geert,

The rule is straightforward: layer 2 is handled by the foreign WLC (the one holding the AP) and layer 3 is handled by the anchor (the guest).

This means the anchor WLC handles the DHCP/IP address, it handles the web authentication, etc.

But only the foreign WLC knows which AP the client is associated to; it's the only one to have layer 2 information, so that's the one doing layer 2 authentication (WPA PSK or MAC filtering).

The way to "centralize" for you would be to have the MAC addresses on a RADIUS server or to push the MAC addresses to the controllers via WCS.

Hope this clarifies,

Nicolas

===

Don't forget to rate answers that you find useful
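
Keeping the approved list in one place on a RADIUS server, as the answer above suggests, shown as an added example that is not part of the original thread: this script renders a single central MAC list into FreeRADIUS `users`-file entries. It assumes FreeRADIUS as the server, that the foreign WLC sends the client MAC as both User-Name and password, and that the chosen delimiter style matches what the controller sends; the function names and sample MACs are constructed for illustration.

```python
import re

# Delimiter styles a RADIUS client may use when sending a MAC as User-Name.
STYLES = {
    "none": lambda h: h,
    "colon": lambda h: ":".join(h[i:i + 2] for i in range(0, 12, 2)),
    "hyphen": lambda h: "-".join(h[i:i + 2] for i in range(0, 12, 2)),
    "single-hyphen": lambda h: h[:6] + "-" + h[6:],
}


def normalize_mac(raw):
    """Return 12 lowercase hex digits, or raise ValueError for bad input."""
    hexdigits = re.sub(r"[.:\-\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", hexdigits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return hexdigits


def render_users(raw_macs, style="none"):
    """Build FreeRADIUS users-file entries from one central MAC list.

    Duplicates written in different notations collapse to one entry;
    malformed lines are returned separately instead of being dropped silently.
    """
    fmt = STYLES[style]
    seen, entries, rejected = set(), [], []
    for raw in raw_macs:
        try:
            mac = normalize_mac(raw)
        except ValueError:
            rejected.append(raw)
            continue
        if mac in seen:
            continue
        seen.add(mac)
        name = fmt(mac)
        # Assumption: the controller sends the MAC as the password too.
        entries.append(f'{name} Cleartext-Password := "{name}"')
    return entries, rejected


# Constructed sample list in mixed notations, with one duplicate and one typo.
SAMPLE = ["00:11:22:AA:BB:CC", "0011.22aa.bbcc", "00-11-22-33-44-55", "00:11:22:33:44"]

if __name__ == "__main__":
    entries, rejected = render_users(SAMPLE, style="none")
    print("\n".join(entries))
    print("rejected:", rejected)
```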


Thanks Nicolas. This clarifies a lot.

regards,

Geert
