04-30-2012 12:18 PM - edited 07-03-2021 10:04 PM
We have a mix of 1231 and 1242 access points in an LWAPP environment. They are connected to WiSM controllers in our 6509's and are managed by a central WLC. Everything is running version 7.0.230. My question is can I apply MAC address filtering on a select group of AP's to restrict access to a specific SSID broadcast on these AP's without affecting other AP's also connected to the same WiSM? Thanks!
04-30-2012 12:36 PM
The MAC filtering is L2 security feature and is applied on a "per WLAN" basis. So, if you create a MAC filter list to be used by a WLAN; only clients trying to connect to "that" WLAN, regardless of AP/Radio, will hit the MAC filter list.
It almost sounds like you have a single WLAN, and you're asking can I make Group A APs have MAC filter, yet for the same WLAN, you want Group B APs to "not" have a MAC filter? If that's what you're asking, I'm not sure why you would want to do that, and I don't think you can accomodate that via the WLC.
If you simply want to MAC Filter clients on a particular WLAN, then enable the MAC filter on your L2 security for the WLAN, and then add the cilents to the list MAC filter list in the SECURITY section of your WLC.
If you want this "WLAN" to only be present on a group of APs, whereby MAC filtering will take place, then I would suggest using AP groups to specify which APs you want this WLAN to operate on.
04-30-2012 12:51 PM
I'm very green when it comes to this (but I'm learining!) but I think creating an AP group is the way to go. This particular WLAN serves up "guest" internet access and is applied to over 100 AP's connected to the WLC. I want to filter MAC's on 5 of those 100 AP's as they service a particular remote site and we only want a select group of client devcies to have access. So I can group those 5 AP's then apply the filtering to that group only?
04-30-2012 01:06 PM
You would need to create a separate WLAN for those particular APs. Because you want the "same" WLAN in all of these APs, but 5 APs in particular to MAC Filter, this wouldn't be an option via the WLC as the MAC filter option is a per-"WLAN" config, not a per-"AP" config.
You could have your 2 guest networks spread across your 100 APs as so.
1. Group A - contains 95 APs - Guest WLAN A, no MAC Filter
2. Group B - contains 5 APs - Guest WLAN B, with MAC Filter
David W.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide