I have a Cisco WLC with 2 SSIDs going to UCS for RADIUS auth.
Let’s call them ‘no-mac-auth’ and ‘mac-auth’.
Now we want to add MAC filtering to RADIUS via radius/mac/whitelisting
to the ‘mac-auth’ network, but the ‘no-mac-auth’ network should also use RADIUS auth without the MAC filter - only user/pass.
I’ve already tried to add a UCR registry policy with radius/mac/whitelisting: false
on an LDAP OU container, but it seems that radius/mac/whitelisting
is a global parameter and has no effect anywhere else.
Is this scenario even possible with UCS?
Hello,
@boospy @6uellerBpanda are any of you able to get this working?
@boospy thanks for the link… I assume the first code is a little bug, usr instead of ucr.
I can’t understand German so I use Google Translate.
One more question: do you know how to use VLAN, if possible? From the docs it will be possible in UCS 5, but I still use UCS 4.
Also in your example the
cp /etc/freeradius/3.0/mods-enabled/ldap /etc/freeradius/3.0/mods-enabled/ldap_backup_orig
Shouldn’t be used, at least for now: the ldap file is a symbolic link and executing that command will duplicate the ldap module.
Thanks
@boospy it isn’t clear to me how it will allow two SSIDs…
The VLAN and SSID configs here are only on the Fortigate Firewall/FortiAPs. With UCS LDAP groups I can allow them. Did you mean that?
@boospy nope.
What I’m trying is to have only one SSID and, based on device/user/group, set the VLAN ID.
In UCS 5 that is possible via GUI … but I’m still on UCS 4.

From your example, you must have one SSID for each VLAN ID, right?
Yes, sorry. That is what I have configured here.