Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2658
Views
0
Helpful
8
Replies

Aironet 2802I MAC filter on Mobility Express mode

Go to solution
HuyDC
Level 1
Level 1

‎05-14-2020 06:08 PM - edited ‎07-05-2021 12:03 PM

Dear all,

 

Please help me resolve this situation, I am created WLAN form last year. Now I enable MAC filter on this WLAN in WLAN security setting & try to add MAC address by both GUI & CLI (I am not disable WLAN when I configured)

I am using show macfilter summary/show macfilter mesh then I saw Local MAC address have a records

But when I come back WLAN security tab on WLAN setting, it show up that Local MAC address table is empty and it cause lost connection and MAC filter not working right.

So could you tell me, what's happened here ? Does I need to disable WLAN when I configure ? Or anything need to do to MAC filter working ? Please kindly let me know the solutions

 

Update: This matter has been resolved by the way below. But even though I can filter MAC but in WLAN Security still show me Local MAC address is empty.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
.Jaidev Hattiangadi.
Cisco Employee
Cisco Employee

‎05-14-2020 07:02 PM

If the WLAN needs to be disabled, the cli will tell you that and will not allow the config to be made in the first place until the WLAN is disabled.

What version is the mobility express controller on? 

Configuration via the GUI is only available beyond 8.4. Use the document below for the config from the CLI

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/91901-mac-filters-wlcs-config.html#CLI-Config

View solution in original post

0 Helpful
8 Replies 8

Go to solution
.Jaidev Hattiangadi.
Cisco Employee
Cisco Employee

‎05-14-2020 07:02 PM

If the WLAN needs to be disabled, the cli will tell you that and will not allow the config to be made in the first place until the WLAN is disabled.

What version is the mobility express controller on? 

Configuration via the GUI is only available beyond 8.4. Use the document below for the config from the CLI

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/91901-mac-filters-wlcs-config.html#CLI-Config

0 Helpful

Go to solution
HuyDC
Level 1
Level 1
In response to .Jaidev Hattiangadi.

‎05-14-2020 07:50 PM - edited ‎05-14-2020 08:00 PM

I am using OS 8.5.140

First I was use GUI to configure, it not working, it always show me that the Local Mac address table is empty

After that I tried to configure by CLI, but it still not working

Whether we need the IP address on this command or not

config macfilter add 00:E0:77:31:A3:55 1 lab02 "labconnect" 10.92.125.51

0 Helpful

Go to solution
.Jaidev Hattiangadi.
Cisco Employee
Cisco Employee
In response to HuyDC

‎05-14-2020 08:44 PM

The IP address is for passive clients most times. The description is optional and so is the interface name. Just the below command should work

 

config macfilter add <mac address> <WLAN ID>

 

Ensure the mac address is in aa:aa:aa:aa:aa:aa format. Paste any error that you receive on the cli, along with the commands used.

0 Helpful

Go to solution
HuyDC
Level 1
Level 1
In response to .Jaidev Hattiangadi.

‎05-14-2020 08:57 PM

Hi JD,

Ensure the mac address is in aa:aa:aa:aa:aa:aa format. Paste any error that you receive on the cli, along with the commands used

I didn't get any error on CLI, just even though I added some MAC into Local MAC address so when I come to WAN setting -> Security tab so it still show me that the Local MAC address table is empty. Every client still can access WLAN normally

For sure, I issued this command: config macfilter MAC-delimiter colon.

Could you please explain the Whitelist and Blacklist meaning also ?

0 Helpful

Go to solution
HuyDC
Level 1
Level 1
In response to .Jaidev Hattiangadi.

‎05-14-2020 09:03 PM

Local MAC.JPG

 

WLAN.JPG

 

0 Helpful

Go to solution
HuyDC
Level 1
Level 1
In response to Scott Fella

‎05-15-2020 12:51 AM

Hello, 

I tried to follows that post, but same issue my laptop still can access WLAN normally even though i didn't add my MAC address 

I tried add some another MAC to also but it still show up Local Mac address is empty 

0 Helpful

Go to solution
.Jaidev Hattiangadi.
Cisco Employee
Cisco Employee

‎05-15-2020 02:52 AM

A mac filter is "Allow" by default, i.e, mac addresses added in the list are all allowed. Blacklisting is what needs to be done when you intend to block certain mac addresses from accessing the WLAN.

 

As far as the error you see on the GUI is concerned, seems cosmetic to me. Matches the below bug

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf37061

 

I'd say, move to a TAC recommended version for a fix.

 

Cheers!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card