MR Wireless Authentication, 1 SSID and RADIUS + MAC Filtering

chyanchae
Just browsing

MR Wireless Authentication, 1 SSID and RADIUS + MAC Filtering

Hi

I am trying to build MR WIRELESS.

 

Unlike the existing Aironet, Meraki does not seem to support 1 SSID RADIUS + MAC Filtering in the authentication method, but I am wondering if there is a separate method. We intend to do both RADIUS and MAB authentication through ISE.

 

Thank you

4 Replies 4
KarstenI
Kind of a big deal
Kind of a big deal

I am not sure what you mean as MAC-filtering is done through RADIUS. So that will work. Or do you want to use PSK combined with MAC-filtering? There is no obvious option, but it still can be easily achieved. I wrote a small blog-post about how to implement it: Meraki WLAN MAC-based access control with PSK.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
chyanchae
Just browsing

Hi

 

Existing CISCO WLC supports 802.1X (AD) + MAC filtering authentication method through ISE authentication server, both of which require the client to pass authentication before connecting to the wireless SSID.

 

But from my understanding Meraki doesn't seem to support 802.1X(AD) + MAC Filtering via ISE.

 

I'm wondering if I misunderstood it or if there is another way to set it up.

KarstenI
Kind of a big deal
Kind of a big deal

Ah, now I understand what you need. I never used that combination on the WLC, but with 802.1X, the ISE always sees the MAC-address of the client as the calling-station-id. You can reference that in your authorization-rules.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
chyanchae
Just browsing

I'm running ISE 2.4 and I have a separate group of endpoints (about 20000 devices). I wanted to set the policy through the RADIUS Called-Station-ID value, but I could not specify the endpoint group and entered the MAC address value, so the policy setting for about 20000 devices is not efficient.

 

Can you give an example of a ISE policy?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels