
Aironet 1852i - MAC filtering - Allow all except X,Y,Z

PLScott
Level 1

Hello,

We are using 3 Aironet 1852i APs running 8.10.185 configured as ME Capable and hosting 2 WLANs (PROD & OTHER) tagged to 2 different VLANs. I'm trying to set up MAC filtering on the OTHER network so none of the internal laptops connect to it by accident (or user error). From the Mobility Express portal I've enabled MAC filtering on the OTHER WLAN and entered the MAC addresses in the WLAN Users / Local MAC Addresses tab. For each MAC address, I selected type BlackList. The internal laptops are blocked, so it seems to be working, but so are all other devices that are not specifically entered in the WLAN Users list with type set to WhiteList. I don't want to have to allow each other device individually. How may I set up MAC filtering on the OTHER WLAN to behave like an "Allow all except X,Y,Z"?

Thank you for your time and comments

1 Reply

Rich R
VIP

MAC address filtering really isn't a great way to enforce security at all - not least because any device can change MAC address to bypass the filters. I suspect what you want to do isn't possible on ME that way (although I've never tried it myself).

You could possibly do it using 802.1x with ISE but if you were going to do that then you could do it by user or machine ID instead of MAC address and then use VLAN override to make sure the right users land in the right VLAN.

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/91901-mac-filters-wlcs-config.html
https://community.cisco.com/t5/network-access-control/cisco-wlc-mac-filtering-integration-with-ise-and-802-1x/td-p/4463150
