Occasional Contributor I

Automatic MAC account creation from Cisco WLC

We are creating a BYOD network and below is what we need our Amigopod to do.

Have any of you tried this? 

 

1) The first time a user attempts to connect to byod_ssid, they are presented with a captive portal page that requests AD credentials. In the background, the user's MAC address needs to be captured.

2) All subsequent connections to byod_ssid are MAC authenticated.

 

This process works really well with users connected to the Aruba controller by following this guide: amigopodTechNoteAutoMACAuthAccount.pdf

 

However, I have some Cisco WLC connected users who need to have this same experience. I am not finding any documentation on this process from the Cisco side. What do you think? Is it possible?

Thanks!

Moderator

Re: Automatic MAC account creation from Cisco WLC

The basis of this feature is the ability to set up your SSID to perform RADIUS MAC Authentication with fall back to Captive Portal (or Web Auth in Cisco speak). I believe this is a relatively new feature for Cisco in one of the 7.x software releases, so I would suggest checking the release notes for your deployed software version on your WLC.

 

Beyond that, the theory in Amigopod will still be the same, that the client's MAC address should be available in the RADIUS Access-Request packet sent from the Cisco WLC to Amigopod. This is used as part of the MAC Caching solution on Amigopod.

 

Let us know how you go on this setup; I am sure others would be interested in your results here on the Airheads Forum.

Occasional Contributor I

Re: Automatic MAC account creation from Cisco WLC

cam is exactly right.   I had to upgrade the WLC to 7.0.xx  to gain functionality that allows clients to fall back to Web Authentication after MAC authentication fails. 

 

The only caveat that I would add is this.  The WLC will ONLY pass the MAC with all letters being lowercase.  By default the Aruba wants to send the MAC with uppercase letters. And Amigopod only accepts MACs with capital letters...

 

So, I had to change the Aruba controller to send in lowercase, then I modified the guest account creation form in Amigopod to accept lowercase letters in the MAC. To change that form in the Amigopod I basically had to turn off the "NwaNormalizeMacAddress" code that it ran the MAC through...

It was a messy config full of trial and error, but now that it's done it works very well. Maybe a step by step guide is in order? ;)

 

 

Occasional Contributor II

Re: Automatic MAC account creation from Cisco WLC

Hi Drivert,

 

Would you please share the MAC auth expression to work with Cisco WLC?

I'm not quite clear on how to turn off the "NwaNormalizeMacAddress".

 

Thanks

Hendro

Aruba Employee

Re: Automatic MAC account creation from Cisco WLC

Although disabling NwaNormalizeMacAddress is an option, you don't need to do this. A better option is to modify how the function normalizes the MAC address. You have control of the MAC address normalization in the MAC Authentication Plugin. To get to the configuration, go to Administrator -> Plugin Manager -> Manage Plugins and find the MAC Authentication Plugin. Click the configure link and there will be options for MAC Separator and Case. Set the case option to lower so all new MACs that are created are lowercase.
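
Added example, not written by anyone in this thread and not Amigopod's NwaNormalizeMacAddress code: a sketch of the case and separator mismatch discussed above, showing why an exact-string lookup misses a lowercase MAC and how normalizing both sides to one configured separator and case fixes it. The names `normalize_mac`, `find_account` and `ACCOUNTS`, and the sample MAC, are hypothetical.

```python
import re

_HEX12 = re.compile(r"^[0-9A-Fa-f]{12}$")


def normalize_mac(raw, separator="-", upper=True):
    """Return raw as six hex octets joined by separator, in one case.

    Accepts colon, hyphen, dotted (aabb.ccdd.eeff) and bare forms.
    Raises ValueError for anything that is not exactly 12 hex digits.
    """
    digits = re.sub(r"[:\-.\s]", "", raw)
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    digits = digits.upper() if upper else digits.lower()
    return separator.join(digits[i:i + 2] for i in range(0, 12, 2))


def find_account(accounts, mac_from_request, separator="-", upper=True):
    """Look up a MAC account using the MAC carried in an Access-Request.

    Stored key and incoming value go through the same normalization,
    so the sender's choice of case or separator no longer matters.
    """
    wanted = normalize_mac(mac_from_request, separator, upper)
    for stored, account in accounts.items():
        if normalize_mac(stored, separator, upper) == wanted:
            return account
    return None


# Constructed sample data: one account stored in uppercase with hyphens.
ACCOUNTS = {"00-1A-2B-3C-4D-5E": "byod-user-1"}

if __name__ == "__main__":
    incoming = "00:1a:2b:3c:4d:5e"  # constructed lowercase value
    print("exact match:", ACCOUNTS.get(incoming))
    print("normalized :", find_account(ACCOUNTS, incoming))
```
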
