Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
906
Views
6
Helpful
5
Replies
Highlighted
august70
Beginner
Beginner
‎07-24-2013 07:43 AM
‎07-24-2013 07:43 AM

Block clients from individual wlan

                I have 5508 with 2 WLANS  (corp, guest) I would like to be able to block certain users via MAC address from CORP but not guest.

Can this be done.

CORP is using WPA2+AES
GUEST is using Web Auth   ( guest is not setup as a "guest vlan" in the config, just a regular wlan.

TIA

Labels:
0 Helpful
Reply
5 REPLIES 5
Highlighted
Viten Patel
Cisco Employee
Cisco Employee
‎07-24-2013 11:52 AM
‎07-24-2013 11:52 AM

You can use mac filtering. Not the most secure way but can do the trick for most users. That said mac addresses can be easily spoofed.

Sent from Cisco Technical Support iPhone App

Reply
Highlighted
mmangat
Beginner
Beginner
‎07-24-2013 09:21 PM
‎07-24-2013 09:21 PM

Hello,

Like Viren said mac-address filtering is not the most secure way as they can be easily spoofed.

Why don't you try Peer-to-peer blocking.

Peer-to-peer blocking is applied to individual  WLANs, and each client inherits the peer-to-peer blocking setting of the  WLAN to which it is associated. Peer-to-Peer enables you to have more  control over how traffic is directed. For example, you can choose to  have traffic bridged locally within the controller, dropped by the controller, or forwarded to the upstream VLAN.

For more on this you can ckeck the following short cisco doc:

http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/wlan/config_wlan_chapter_01010.html

Reply
Highlighted
august70
Beginner
Beginner
‎07-25-2013 08:50 AM
‎07-25-2013 08:50 AM

ok os I dont see either of these as being what I am looking for.
My problem is with personal device users connecting to my local corp network instead of guest.

All they have to do is enter their domain auth and they are on the corp network. I would to block them from doing so, but if I blacklist their MAC they are blocked from CORP and GUEST.
I am using Cisco ACS as auth via AD.

Reply
Highlighted
l.mourits
Contributor
Contributor
In response to august70
‎07-30-2013 02:45 AM
‎07-30-2013 02:45 AM

There is one way to achieve this. You can use client certificates on your corp ssid.

Reply
Highlighted
Amjad Abdullah
Engager
Engager
In response to august70
‎08-05-2013 01:11 AM
‎08-05-2013 01:11 AM

TIA,

I am not understanding how personal device users are connecting to the CORP WLAN if they don't have credentials? If they don't have credentials then they will not be able to connect to the WLAN.

If they have credentials then they are authorized to connect. What is the problem then?

Please clarify.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"
0 Helpful
Reply
Latest Contents
Cisco AP AIR-CAP702I-E-K9
Created by sahara101 on 02-18-2021 05:39 AM
0
0
0
0
 Hello Community, I have an issue where APs do not connect to the WLC. Connection is made over VPN. Until yesterday all 3 APfailed with below errors. We change the LAN connection to a cisco router and now one of the AP magically connected to the... view more
Wireless Config Analyzer Express v 0.5.9
Created by Javier Contreras on 02-15-2021 09:27 AM
3
15
3
15
Where to download Attached files on this post Alternatively, cloud version (only summaries) General information: New implementation for the WLC Config Analyzer. it is a new re-write of the application, with clean up and improved checks Support for IOS... view more
**New Episode** Cisco Champion Radio: S8|E6 Fastlane+ Optimi...
Created by aalesna on 02-09-2021 10:20 AM
0
0
0
0
Cisco Champion Radio · S8|E6: Fastlane+ Optimizes Network and Device Communication Cisco Fastlane+ is a co-developed solution with Apple that significantly improves the experience of any Wi-Fi 6 capable iPhone or iPad connected to a Cisco Catalyst 9130 A... view more
IOS-XE 17.4.1 Blog
Created by SAY on 01-26-2021 12:19 AM
1
10
1
10
We are pleased to announce the immediate availability of the IOS-XE release 17.4.1 for the Catalyst Wireless Controllers. The new code is now posted on the CCO and can be found at this link: https://software.cisco.com/download/home/286316412/type/28204647... view more
How to manually connect a Cisco WLC to Cisco DNA Center for ...
Created by Richard Jang on 01-14-2021 05:50 PM
0
15
0
15
Table of Contents   Overview The purpose of this document is to provide step-by-step instructions regarding how to connect your read-only Catalyst 9800 WLC or AireOS WLC with Cisco DNA Center for Assurance monitoring through manual configuration. I... view more
Content for Community-Ad