Create a Blacklist for MAC addresses

Terence Lockette · ‎03-13-2014

Hello,

Is there a way to blacklist MAC addresses for violations on the 2504/5508 WLC without using the MAC filtering feature? I'm running 7.4.100.0.

Regards,

Terence

Naveen Kumar · ‎03-13-2014

REf: https://supportforums.cisco.com/discussion/11722676/enable-mac-filtering-wlc-5508

Sandeep Choudhary · ‎03-14-2014

Hi,

There is no other way to block the mac address by WLC.

You must have to use mac filter option to blacklist or you can use radius server(vlan based access Control).

Check 3.5 section:

http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00801444a1.html

Regards

Dont forget to rate helpful posts

mscherting · ‎03-14-2014

I'm running 7.4.121.

On the WLC Security>AAA>Disabled Clients add each MAC individually. This blocks the MACs globally; all SSIDs on all APs on this WLC. The list of MACs will show up on the Monitor page in Disabled Clients.

With PI/NCS/WCS use a template to push the same list to multiple WLCs.

Edit: I don't know of a way to automatically "blacklist MAC addresses for violations."

Terence Lockette · ‎03-14-2014

Couldn't I just use an ACL on my WLC with a permit all statement with the last possible sequence number and then as I need to block specific clients just add them with a sequence number that comes before my permit all statement?

mscherting · ‎03-14-2014

Dunno.. I suppose you could. I avoid ACLs at the WLC.

If you did this you would be inspecting associated client traffic at the WLC. By disabling the MAC, the traffic never hits the wire.