Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
405
Views
5
Helpful
5
Replies

WLAN MAC filtering engaging domain controller

Go to solution
david.worthington
Level 1
Level 1

‎01-24-2017 10:17 AM - edited ‎03-08-2019 09:02 AM

Hi all,

We have a CISCO WLAN device that has an "employee" BYOD network. We started MAC filtering on "employee" to limit access due to bandwidth concerns. Our Windows domain controller is now getting radius requests from MACs that aren't on the whitelist with the MAC as the users name. The employee network is set up to receive DHCP/IP info from the DC, but we don't want radius authentication. The MACs are being used as user names. Only our separate "secure" network for laptops automatically logs in and authenticates against active directory. How do we stop this behavior?

We don't need a radius server for "employee" - it can authenticate against the whitelist on the WLAN's database.

Screenshots of current settings are attached. Thanks.

Regards,


David

Labels:
Preview file
128 KB
Preview file
101 KB
Preview file
150 KB
Preview file
170 KB
Preview file
144 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP
In response to david.worthington

‎01-24-2017 12:52 PM

Hello,

there are no authentication servers configured anyway, so you might as well turn it off, since none of the other users need it either.

I am thinking, is there a way to deny RADIUS requests (usually coming from port 1645 or 1812) on the Windows DC ?

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Georg Pauwen
VIP
VIP

‎01-24-2017 12:21 PM

Hello,

I am not clear on what you are asking. You don't want users from the 'employee' network to send RADIUS authentication requests to the Windows DC ?

Go to solution
david.worthington
Level 1
Level 1
In response to Georg Pauwen

‎01-24-2017 12:27 PM

Hi Georg,

Thats exactly right  - only the local database for MAC filtering. I'm afraid to turn off the radius server that's under the WLAN Security tab for fear of breaking the 'secure' network for laptops. The 'employee' WLAN security settings have authentication checked, so maybe just uncheck there? ...We're between networking people.

Thanks  

regards,

david 

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to david.worthington

‎01-24-2017 12:52 PM

Hello,

there are no authentication servers configured anyway, so you might as well turn it off, since none of the other users need it either.

I am thinking, is there a way to deny RADIUS requests (usually coming from port 1645 or 1812) on the Windows DC ?

0 Helpful

Go to solution
david.worthington
Level 1
Level 1
In response to Georg Pauwen

‎01-24-2017 01:02 PM

I'll give it a shot. Thank you. 

0 Helpful

Go to solution
paul driver
VIP
VIP

‎01-24-2017 01:41 PM

Hello
Under the "employee" ssid layer 2 security tab try disabling L2 altogether and just have mac-filtering enabled, also you shouldn't have radius enabled for that ssid, This can be turned off.

I am assuming  you are want the WLC to preform the white listing? - If so then If i remember you need to specify that from under the controllers security tab

At present I don't have access to our WLC's to verify

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card