03-13-2014 03:07 PM - edited 07-05-2021 12:25 AM
Hello,
Is there a way to blacklist MAC addresses for violations on the 2504/5508 WLC without using the MAC filtering feature? I'm running 7.4.100.0.
Regards,
Terence
03-13-2014 11:52 PM
REf: https://supportforums.cisco.com/discussion/11722676/enable-mac-filtering-wlc-5508
03-14-2014 01:38 AM
Hi,
There is no other way to block the mac address by WLC.
You must have to use mac filter option to blacklist or you can use radius server(vlan based access Control).
Check 3.5 section:
http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00801444a1.html
Regards
Dont forget to rate helpful posts
03-14-2014 12:07 PM
I'm running 7.4.121.
On the WLC Security>AAA>Disabled Clients add each MAC individually. This blocks the MACs globally; all SSIDs on all APs on this WLC. The list of MACs will show up on the Monitor page in Disabled Clients.
With PI/NCS/WCS use a template to push the same list to multiple WLCs.
Edit: I don't know of a way to automatically "blacklist MAC addresses for violations."
03-14-2014 12:26 PM
Couldn't I just use an ACL on my WLC with a permit all statement with the last possible sequence number and then as I need to block specific clients just add them with a sequence number that comes before my permit all statement?
03-14-2014 01:36 PM
Dunno.. I suppose you could. I avoid ACLs at the WLC.
If you did this you would be inspecting associated client traffic at the WLC. By disabling the MAC, the traffic never hits the wire.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide