Beginner

Block clients from individual wlan

I have a 5508 with 2 WLANs (corp, guest). I would like to be able to block certain users via MAC address from CORP but not guest.

Can this be done?

CORP is using WPA2+AES
GUEST is using Web Auth (guest is not set up as a "guest vlan" in the config, just a regular WLAN).

TIA

5 REPLIES 5
Cisco Employee

You can use MAC filtering. Not the most secure way, but it can do the trick for most users. That said, MAC addresses can be easily spoofed.

Sent from Cisco Technical Support iPhone App

Beginner

Hello,

Like Viren said, MAC address filtering is not the most secure way, as they can be easily spoofed.

Why don't you try peer-to-peer blocking?

Peer-to-peer blocking is applied to individual WLANs, and each client inherits the peer-to-peer blocking setting of the WLAN to which it is associated. Peer-to-peer blocking enables you to have more control over how traffic is directed. For example, you can choose to have traffic bridged locally within the controller, dropped by the controller, or forwarded to the upstream VLAN.

For more on this you can check the following short Cisco doc:

http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/wlan/config_wlan_chapter_01010.html

Beginner

OK, so I don't see either of these as being what I am looking for.
My problem is with personal device users connecting to my local corp network instead of guest.

All they have to do is enter their domain auth and they are on the corp network. I would like to block them from doing so, but if I blacklist their MAC they are blocked from CORP and GUEST.
I am using Cisco ACS as auth via AD.


There is one way to achieve this. You can use client certificates on your corp SSID.


TIA,

I am not understanding how personal device users are connecting to the CORP WLAN if they don't have credentials? If they don't have credentials then they will not be able to connect to the WLAN.

If they have credentials then they are authorized to connect. What is the problem then?

Please clarify.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"