Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MR Wireless Authentication, 1 SSID and RADIUS + MAC Filtering

chyanchae
Just browsing
‎Mar 24 2021 11:31 PM
‎Mar 24 2021 11:31 PM

MR Wireless Authentication, 1 SSID and RADIUS + MAC Filtering

Hi

I am trying to build MR WIRELESS.

 

Unlike the existing Aironet, Meraki does not seem to support 1 SSID RADIUS + MAC Filtering in the authentication method, but I am wondering if there is a separate method. We intend to do both RADIUS and MAB authentication through ISE.

 

Thank you

0 Kudos
Subscribe
4 Replies 4
KarstenI
Kind of a big deal
Kind of a big deal
‎Mar 25 2021 4:51 AM
‎Mar 25 2021 4:51 AM

I am not sure what you mean as MAC-filtering is done through RADIUS. So that will work. Or do you want to use PSK combined with MAC-filtering? There is no obvious option, but it still can be easily achieved. I wrote a small blog-post about how to implement it: Meraki WLAN MAC-based access control with PSK.

0 Kudos
Subscribe
In response to KarstenI
chyanchae
Just browsing
‎Mar 25 2021 7:36 AM
‎Mar 25 2021 7:36 AM

Hi

 

Existing CISCO WLC supports 802.1X (AD) + MAC filtering authentication method through ISE authentication server, both of which require the client to pass authentication before connecting to the wireless SSID.

 

But from my understanding Meraki doesn't seem to support 802.1X(AD) + MAC Filtering via ISE.

 

I'm wondering if I misunderstood it or if there is another way to set it up.

0 Kudos
Subscribe
In response to chyanchae
KarstenI
Kind of a big deal
Kind of a big deal
‎Mar 25 2021 7:44 AM
‎Mar 25 2021 7:44 AM

Ah, now I understand what you need. I never used that combination on the WLC, but with 802.1X, the ISE always sees the MAC-address of the client as the calling-station-id. You can reference that in your authorization-rules.

0 Kudos
Subscribe
In response to KarstenI
chyanchae
Just browsing
‎Mar 25 2021 8:02 AM
‎Mar 25 2021 8:02 AM

I'm running ISE 2.4 and I have a separate group of endpoints (about 20000 devices). I wanted to set the policy through the RADIUS Called-Station-ID value, but I could not specify the endpoint group and entered the MAC address value, so the policy setting for about 20000 devices is not efficient.

 

Can you give an example of a ISE policy?

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.