01-30-2003 01:21 PM - edited 07-04-2021 08:29 AM
Using AP1200 with 12.01T code
Cisco documentation states that a client whose mac address is disallowed via a mac address filter will not be able to associate to the access point. I have tested this by allowing only one (out of two) MAC address and changing the default Unicast Address Filter setting to Disallowed. I consistently see the state in the association table as assoc, blocked, which to me means association was permited, but traffic is blocked.
The ACU screen on the client shows a continuous bounce between associated and not associated.
When I change the implementation of the MAC filter to disallow the MAC address, but the default Unicast Address Filter is set to allow, then it works as per the documentation.
Why do I see a difference in the Association Table? Both methods should serve the same end, should they not?
thanks much.
01-30-2003 05:35 PM
Hi,
Point 1 - In 12.0 the ethernet advanced properties show blocking state when no clients are associated to the AP.
Point 2- Client devices with the blocked MAC Addresses cannot send or receive data thorugh the AP, but they might remain in the association table as unauthenticated client devices, these devices will disappear from the association table when the ap stops monitoring them or they get associated to some other AP.
01-30-2003 07:07 PM
regarding your point 1 - the assoc, blocked is shown in the status column of the association table for the client device, not in the ethernet advances properties.
re: point 2 - the client status shows as assoc, which means they have already passed thru the authentication process. And the ACU shows associated status on the filtered client. Even after rebooting the AP, it still comes back the same way.
Thanks for the reply, but the question remains.....
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide