Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
70876
Views
35
Helpful
6
Replies

WLC - How to block a single client MAC address?

limtohsoon
Level 1
Level 1

‎12-25-2007 06:39 PM - edited ‎07-03-2021 03:08 PM

Hi Sir,

On a WLC (software version 4.1.185.0), how to block a single client MAC address?

I thought of using the SECURITY -> Disabled Clients. Is it right?

There are currently 250 users connected to the WLC. MAC Filtering is not a scalable solution because as I understand it, we have to specify all the legitimate MAC addresses in the local database.

Thank you.

B.Rgds,

Lim TS

3 people had this problem
Labels:
0 Helpful
6 Replies 6

Rob Huffman
Hall of Fame
Hall of Fame

‎12-26-2007 11:58 AM

Hi Lim,

As you have discovered, the Mac filtering on the WLC is an Allow (based on Mac address) rather than what you need which is a Deny (based on Mac address). I have not tried this feature but I think you are on the right track in using the Exclusion List (Blacklist) feature. Have a look;

Use SECURITY > AAA > Disabled Client then click New or MONITOR > Clients then click Disable to navigate to this page.

This page allows you to manually Exclusion List (blacklist) a client by MAC address.

Add the MAC Address and an optional Client Description for the client to be disabled.

--------------------------------------------------------------------------------

Note When you enter a client MAC address to be disabled, the Operating System checks that the MAC address is not one of the known Local Net clients ( Local Net Users), Authorized clients ( MAC Filtering), or Local Management users ( Local Management Users) MAC addresses. If the entered MAC address is on one of these three lists, the Operating System does not allow the MAC address to be manually disabled.

Hope this helps! Let us know.

Rob

Rene S.
Level 1
Level 1
In response to Rob Huffman

‎06-06-2014 01:48 AM

Ok, it's working. I forgot that disabling doesn't mean that the client will not keep attacking us.... Is there a way to acknowledge certain clients so we won't be notified when he attacks us? 
So after we disabled the client, we shouln't get any attack-messages regarding this client..
Thanks!

0 Helpful

MdShakilAhmed53232
Level 1
Level 1
In response to Rob Huffman

‎01-28-2020 10:48 AM

Thanks For Good Suggestion. 

0 Helpful

Rene S.
Level 1
Level 1

‎06-05-2014 10:17 PM

Hi, I've added the client MAC address to the disabled clients list, but I still get notifications that the client is sending out a lot of deauth messages.. Looks like the disabled clients list is not working.. Did it work for you?
0 Helpful

abwahid
Level 4
Level 4

‎06-13-2014 01:14 AM

Hi,

Go through below link for complete detail and configuration of MAC address filtering  on WLC.

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/91901-mac-filters-wlcs-config.html#backinfo

bbiandov
Level 1
Level 1

‎05-19-2021 06:09 AM - edited ‎05-19-2021 06:10 AM

Screen shot

disable-clients-on-WLC.png

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card