collapse

Search


User Info

 
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Author Topic: Radius based MAC address Authentication with WLAN Controller and ISE  (Read 4462 times)

Offline bhatsy

  • Cisco Newbie
  • *
  • Posts: 14
  • Reputation: 0
    • View Profile
  • Certification: CCNP
Hi I wanted to see if I can get some help here. I am trying to Interoperate my WLAN Controller (Non Cisco) with Cisco ISE.

The scenario is as follows.
The Controller is sending RADIUS request with username= MAC address of the supplicant and password is "APC shared secret".
I have this MAC address configured as part of Internal Users on ISE.  I have verified that Shared secret between my Controller and ISE is same on both sides. I still get an authentication failure as below can some suggest what might be happening here ?

Steps
  11001 Received RADIUS Access-Request
  11017 RADIUS created a new session
  15049 Evaluating Policy Group
  15008 Evaluating Service Selection Policy
  15006 Matched Default Rule
  15041 Evaluating Identity Policy
  15006 Matched Default Rule
  15013 Selected Identity Source - Internal Endpoints
  24209 Looking up Endpoint in Internal Endpoints IDStore - 00:26:C6:30:52:84
  24211 Found Endpoint in Internal Endpoints IDStore
  22040 Wrong password or invalid shared secret
  22057 The advanced option that is configured for a failed authentication request is used
  22061 The 'Reject' advanced option is configured in case of a failed authentication request
  11003 Returned RADIUS Access-Reject

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 379
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
    • View Profile
  • Certification: CCIE
Re: Radius based MAC address Authentication with WLAN Controller and ISE
« Reply #1 on: April 25, 2014, 04:45:26 PM »
Could you confirm if the MAC address was added as a User Identity or Endpoint Identity and if you are using the corresponding Identity store for your authentication policy?

Offline bhatsy

  • Cisco Newbie
  • *
  • Posts: 14
  • Reputation: 0
    • View Profile
  • Certification: CCNP
Re: Radius based MAC address Authentication with WLAN Controller and ISE
« Reply #2 on: April 27, 2014, 06:34:01 PM »
Well as you can see ISE found the MAC address in the ID Store.

  24209 Looking up Endpoint in Internal Endpoints IDStore - 00:26:C6:30:52:84
  24211 Found Endpoint in Internal Endpoints IDStore

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 379
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
    • View Profile
  • Certification: CCIE
Re: Radius based MAC address Authentication with WLAN Controller and ISE
« Reply #3 on: April 28, 2014, 12:00:43 AM »
Have you tried using User Identity instead of Endpoint Identity? I do not recall being able to configure a password for an Endpoint.

Offline bhatsy

  • Cisco Newbie
  • *
  • Posts: 14
  • Reputation: 0
    • View Profile
  • Certification: CCNP
Re: Radius based MAC address Authentication with WLAN Controller and ISE
« Reply #4 on: April 28, 2014, 06:50:50 PM »
When you enter the endpoint identity it only allows you to enter a MAC address.

My question is do you have any videos which show how to configure Cisco WLC with a WLAN which does WPA2 802.1x & Radius based MAC filtering. Its kind of a 2 factor authententication.So only "Whitelisted" MAC addresses on ISE are able to authenticate against LDAP server with Windows username and password ?

Thanks for the rest of the videos you have posted they have been very helpful so far.

Offline bhatsy

  • Cisco Newbie
  • *
  • Posts: 14
  • Reputation: 0
    • View Profile
  • Certification: CCNP
Re: Radius based MAC address Authentication with WLAN Controller and ISE
« Reply #5 on: April 29, 2014, 03:44:26 PM »
Ok I got this working. We can close out this thread  :)

 

Related Topics

  Subject / Started by Replies Last post
10 Replies
5609 Views
Last post September 04, 2018, 08:20:52 PM
by MC
6 Replies
3614 Views
Last post July 18, 2014, 06:35:15 PM
by spark_rod
3 Replies
3035 Views
Last post January 13, 2015, 09:27:46 PM
by MC
3 Replies
1756 Views
Last post December 26, 2016, 09:22:24 PM
by MC
1 Replies
419 Views
Last post July 16, 2018, 08:23:09 PM
by MC

SimplePortal 2.3.5 © 2008-2012, SimplePortal