Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9271
Views
5
Helpful
3
Replies

WLC Block Client Association

Go to solution
fdharmawan
Level 4
Level 4

‎09-07-2018 01:18 AM - edited ‎07-05-2021 09:08 AM

Hi Guys,

 

On my environment, I want to block several client's MAC addresses. The goal is to prevent those clients to connect to any SSID that are being broadcasted by the WLC.

 

I did some research. An article said that, it is possible by inserting the MAC addresses to disabled clients list (Security -> Disabled Clients -> Manual Disable). But some other article said that it is possible by inserting the MAC addresses on CLI by issuing "config exclusionlist add 12:34:56:65:43:21" command.

 

My question is, which one of those two method that will work to prevent the client to connect to any SSID? Or maybe those two methods actually are the same thing?

And if I apply the config, will the AP go down for a while? Like when altering some element on an SSID.

 

I haven't tested any since my environment is operational 24/7 and I don't have any lab to test or some sort. I just don't want to make a mess by bringing the WiFi down since WiFi is our main connection and the availability of cables are minimal.

 

Thank you.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni

‎09-07-2018 01:23 AM - edited ‎09-07-2018 01:30 AM

Hi,

Information: 

Client exclusion might be enabled or disabled on a per-WLAN basis. By default it is enabled with a timeout of 60 seconds.

 

 

My question is, which one of those two method that will work to prevent the client to connect to any SSID? Or maybe those two methods actually are the same thing?

You need to disable the clients by adding in the list. 

 

And if I apply the config, will the AP go down for a while? Like when altering some element on an SSID.

 

no it will not impact to AP.

 

Info: us etheis command to disbale it: config config <MAC address> Name 

Regards

Dont forget to rate helpful posts

View solution in original post

3 Replies 3

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni

‎09-07-2018 01:23 AM - edited ‎09-07-2018 01:30 AM

Hi,

Information: 

Client exclusion might be enabled or disabled on a per-WLAN basis. By default it is enabled with a timeout of 60 seconds.

 

 

My question is, which one of those two method that will work to prevent the client to connect to any SSID? Or maybe those two methods actually are the same thing?

You need to disable the clients by adding in the list. 

 

And if I apply the config, will the AP go down for a while? Like when altering some element on an SSID.

 

no it will not impact to AP.

 

Info: us etheis command to disbale it: config config <MAC address> Name 

Regards

Dont forget to rate helpful posts

Go to solution
fdharmawan
Level 4
Level 4
In response to Sandeep Choudhary

‎09-07-2018 04:55 AM

Hi Sandeep,

 

By adding on which list? On the CLI on or the GUI one? Or are those two refers to the same list?

 

And command that you're talking about, what is that for?

 

Thank you.

0 Helpful

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to fdharmawan

‎09-07-2018 05:48 AM

Disable via GUI and command I mentioned in above post are for same purpose.( To block the cliyto associate from any wlan)

 

Regards

Don't forget to rate helpful posts

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card