
Block clients from individual wlan

august70
Level 1

I have a 5508 with 2 WLANs (corp, guest). I would like to be able to block certain users via MAC address from CORP but not guest.

Can this be done?

CORP is using WPA2+AES
GUEST is using Web Auth (guest is not set up as a "guest vlan" in the config, just a regular wlan).

TIA

5 Replies

Viten Patel
Cisco Employee

You can use MAC filtering. Not the most secure way, but it can do the trick for most users. That said, MAC addresses can be easily spoofed.

Sent from Cisco Technical Support iPhone App

mmangat
Level 1

Hello,

Like Viten said, MAC address filtering is not the most secure way, as MAC addresses can be easily spoofed.

Why don't you try peer-to-peer blocking?

Peer-to-peer blocking is applied to individual WLANs, and each client inherits the peer-to-peer blocking setting of the WLAN to which it is associated. Peer-to-peer blocking enables you to have more control over how traffic is directed. For example, you can choose to have traffic bridged locally within the controller, dropped by the controller, or forwarded to the upstream VLAN.

For more on this you can check the following short Cisco doc:

http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/wlan/config_wlan_chapter_01010.html

august70
Level 1

OK, so I don't see either of these as being what I am looking for.
My problem is with personal device users connecting to my local corp network instead of guest.

All they have to do is enter their domain auth and they are on the corp network. I would like to block them from doing so, but if I blacklist their MAC they are blocked from CORP and GUEST.
I am using Cisco ACS as auth via AD.

There is one way to achieve this. You can use client certificates on your corp SSID.

TIA,

I am not understanding how personal device users are connecting to the CORP WLAN if they don't have credentials? If they don't have credentials then they will not be able to connect to the WLAN.

If they have credentials then they are authorized to connect. What is the problem then?

Please clarify.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"