05-12-2010 06:07 AM - last edited on 03-09-2022 11:14 PM by smallbusiness
Hi,
We have a couple of WLAN's here at our school.
One for handhelds only (hidden SSID PDA) with WPA2, another for all guests with Web authentication.(SSID Hotspot)
Now some of the handhelds are connecting by themselves to the Hotspot wireless network, but their apps won't work correct through the hotspot network.
We want to block the handhelds on the Hotspot WLAN i.e by MAC address.
How can we do that ??
Can't seem to find it in the manual..
Thanks
Hans
Solved! Go to Solution.
05-17-2010 07:17 PM
Nuts! I didn't see that you are using LWAP. My deepest apologies for wasting your time.
MAC Filters with Wireless LAN Controllers (WLCs) Configuration Example
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008084f13b.shtml
05-14-2010 10:13 AM
Not sure which AP you are running but I accomplish this by creating a filter for each SSID one that forwards packets for the MAC address of allowed devices on the internal network and one that blocks packets on the free wi-fi. I then apply that at the radio level so they can 'connect' to the other but it will not allow an IP to be pulled, so even if they try to switch to by pass our webfilter they cannot, yet visiting clients (we run events with lots of visitors) can connect to the wifi and surf freely. Works good but I cannot give more specific direction since you didn't mention which device your using.
05-17-2010 01:14 AM
Hi,
The device we use is the Cisco Aironet AIR-AP1242AG-E-K9
AP's are configured through the Wireless Lan Controller.
Maybe this helps to be more specific?
Thanks for your assistence, much appreciated :-)
05-16-2010 02:39 AM
some of the handhelds are connecting by themselves to the Hotspot wireless network
Hi Hans,
What SSIDs are the PDAs configured to associate? Maybe the PDAs have both SSID configured and "Hotspot" SSID is set to connect automatically?
Please don't forget useful posts. Thanks.
05-17-2010 01:17 AM
The Hotspot WLAN is discovered automatically, and sometimes the PDA connects to it.
Maybe cause the PDA WLAN is a hidden SSID ?
05-17-2010 01:20 AM
So why not put a password at the "Hotspot" SSID? Even a simple one. I've never heard of an application to automatically connect to an SSID without asking.
05-17-2010 01:25 AM
The Hotspot WLAN is secured with a web password, connecting is possible without password, but when you want to access the Internet, a username/password is required.
05-17-2010 01:34 AM
HTML into the AP.
Go to Services -> Filters -> MAC Address Filters tab.
Please don't forget to rate useful posts. Thanks.
05-17-2010 01:40 AM
Yes, I've seen that Tab, but little explanation with it.. that's why I'm here..
I know form other AP I can filter on MAC, but that is to allow the specified MAC's to use the AP.
What I want is create a filter on the Hotspot SSID and deny all handhelds to connect to it.
Would that be possible with this filter?
(BTW, super .. your fast replies!! )
05-17-2010 01:50 AM
I hope you know how to use CLI ...
Access Point ACL Filter Configuration Example
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008058ed26.shtml
05-17-2010 02:03 AM
CLI is not the problem.
I guess you refer to this in the html file:
Create a MAC address ACL 700.
This ACL does not allow the client 0040.96a5.b5d4 to associate with the AP.
access-list 700 deny 0040.96a5.b5d4 0000.0000.0000
But how to set the deny only on the SSID Hotspot WLAN?
05-17-2010 02:26 AM
How many radios does your AP have? If 2 then configure Hotspot SSID to one radio and Handheld SSID to another radio.
Is this viable for you?
05-17-2010 02:32 AM
Not sure what radios is..
We have four SSID's on the WLC
Is that what radios is ?
05-17-2010 02:33 AM
Can you tell me what is the exact model number of your AP? In CLI, can you post the output of the command "sh ip interface brief"?
05-17-2010 03:47 AM
Hi Leolaohoo,
Device is Cisco Aironet AIR-AP1242AG-E-K9
CLI output from the two concerning interfaces :
Interface Name................................... PDA
MAC Address...................................... 00:1a:6d:dd:85:
IP Address....................................... 172.22.1.2
IP Netmask....................................... 255.255.0.0
IP Gateway....................................... 172.22.1.1
VLAN............................................. 11
Quarantine-vlan.................................. 0
Active Physical Port............................. LAG (29)
Primary Physical Port............................ LAG (29)
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 172.21.1.11
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
Hotspot:
Interface Name................................... hotspot
MAC Address...................................... 00:1a:6d:dd:85:c7
IP Address....................................... 10.14.2.2
IP Netmask....................................... 255.255.254.0
IP Gateway....................................... 10.14.2.1
VLAN............................................. 14
Quarantine-vlan.................................. 0
Active Physical Port............................. LAG (29)
Primary Physical Port............................ LAG (29)
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 172.31.1.108
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide