I have 5508 with 2 WLANS (corp, guest) I would like to be able to block certain users via MAC address from CORP but not guest.
Can this be done.
CORP is using WPA2+AES
GUEST is using Web Auth ( guest is not setup as a "guest vlan" in the config, just a regular wlan.
You can use mac filtering. Not the most secure way but can do the trick for most users. That said mac addresses can be easily spoofed.
Sent from Cisco Technical Support iPhone App
Like Viren said mac-address filtering is not the most secure way as they can be easily spoofed.
Why don't you try Peer-to-peer blocking.
Peer-to-peer blocking is applied to individual WLANs, and each client inherits the peer-to-peer blocking setting of the WLAN to which it is associated. Peer-to-Peer enables you to have more control over how traffic is directed. For example, you can choose to have traffic bridged locally within the controller, dropped by the controller, or forwarded to the upstream VLAN.
For more on this you can ckeck the following short cisco doc:
ok os I dont see either of these as being what I am looking for.
My problem is with personal device users connecting to my local corp network instead of guest.
All they have to do is enter their domain auth and they are on the corp network. I would to block them from doing so, but if I blacklist their MAC they are blocked from CORP and GUEST.
I am using Cisco ACS as auth via AD.
I am not understanding how personal device users are connecting to the CORP WLAN if they don't have credentials? If they don't have credentials then they will not be able to connect to the WLAN.
If they have credentials then they are authorized to connect. What is the problem then?