MR Wireless Authentication, 1 SSID and RADIUS + MAC Filtering

chyanchae
Just browsing

MR Wireless Authentication, 1 SSID and RADIUS + MAC Filtering

Hi

I am trying to build MR WIRELESS.

 

Unlike the existing Aironet, Meraki does not seem to support 1 SSID RADIUS + MAC Filtering in the authentication method, but I am wondering if there is a separate method. We intend to do both RADIUS and MAB authentication through ISE.

 

Thank you

4 REPLIES 4
KarstenI
Head in the Cloud

Re: MR Wireless Authentication, 1 SSID and RADIUS + MAC Filtering

I am not sure what you mean as MAC-filtering is done through RADIUS. So that will work. Or do you want to use PSK combined with MAC-filtering? There is no obvious option, but it still can be easily achieved. I wrote a small blog-post about how to implement it: Meraki WLAN MAC-based access control with PSK.

chyanchae
Just browsing

Re: MR Wireless Authentication, 1 SSID and RADIUS + MAC Filtering

Hi

 

Existing CISCO WLC supports 802.1X (AD) + MAC filtering authentication method through ISE authentication server, both of which require the client to pass authentication before connecting to the wireless SSID.

 

But from my understanding Meraki doesn't seem to support 802.1X(AD) + MAC Filtering via ISE.

 

I'm wondering if I misunderstood it or if there is another way to set it up.

KarstenI
Head in the Cloud

Re: MR Wireless Authentication, 1 SSID and RADIUS + MAC Filtering

Ah, now I understand what you need. I never used that combination on the WLC, but with 802.1X, the ISE always sees the MAC-address of the client as the calling-station-id. You can reference that in your authorization-rules.

chyanchae
Just browsing

Re: MR Wireless Authentication, 1 SSID and RADIUS + MAC Filtering

I'm running ISE 2.4 and I have a separate group of endpoints (about 20000 devices). I wanted to set the policy through the RADIUS Called-Station-ID value, but I could not specify the endpoint group and entered the MAC address value, so the policy setting for about 20000 devices is not efficient.

 

Can you give an example of a ISE policy?

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.