11-14-2012 01:52 AM - edited 07-03-2021 11:02 PM
When adding a new MAC filter on the WLC, there are some fields I don't fully understand.
1. Profile Name
2. Interface Name
3. IP address
If I understand correctly, to add MAC filtering to a specific WLAN, I need to enable that in the WLAN's Security tab.
So where do Profile and Interface come in?
And is the IP address a must?
02-21-2013 06:25 AM
But understand though... You would have to put all the devices' MAC filters in the list or else no devices will connect if you enable MAC filter on all SSIDs.
Sent from Cisco Technical Support iPhone App
02-21-2013 06:27 AM
This is clear. I tested and the MAC Filtering is working (just allowed MACs are able to connect).
The problem was that interface and WLAN filter "were not working", and this is what I'm going to test.
Thanks!
02-21-2013 06:29 AM
Let me know. It worked for me.
02-21-2013 08:10 AM
Scott,
I was thinking about this and have one question:
You said that MAC Filtering needs to be enabled on all WLANs.
But what can I do with the guest WLAN? I don't want MAC Filter on it, because only guests at the company will use it.
It needs to be simple, with just a temporary user/password.
- Broadcast SSID + WPA2 PSK + MAC Filter desired
- Don't broadcast SSID + WPA2 PSK + MAC Filter desired
- Broadcast SSID + web authentication (guest wlan) - NO MAC Filter
02-21-2013 08:40 AM
Well, if you have v7.3 or newer, you can enable this feature: On MAC Filter failure
This will allow the devices that are not on the MAC filter to still get the webauth page.
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"
02-22-2013 06:27 AM
Hi Scott,
I enabled MAC Filtering on all WLANs and selected On MAC Filter failure on the guest one (worked!), but I'm still able to connect to all WLANs, even when selecting just one Profile and Interface on the MAC Filter page, as above.
My MAC has permission to access just PDG-Visitantes, using interface visitantes (the interface in use with the PDG-Visitantes WLAN).
All WLANs have MAC Filtering (PDG-VISITANTES also has MAC Filter Failure).
My phone connected to PDG-CORP, even though its MAC is only allowed to connect to PDG-VISITANTES.
Is that right? Do you suggest I look at anything else?
02-21-2013 05:23 AM
Not solved
02-21-2013 05:34 AM
My WLC is a WiSM on a 6500 core switch
02-22-2013 06:36 AM
Well I'm running 7.4 on my WLC and I was not able to connect to another profile or interface.
02-22-2013 06:46 AM
OK, thank you anyway!
I guess that the TAC will be the only solution.
02-23-2013 01:12 PM
Scott,
Just theorizing; correct me if I'm wrong.
case:1
enable mac-filtering on wlan1 that is mapped to int1.
don't enable mac-filtering on wlan2 that is mapped to int1.
don't enable mac-filtering on wlan3 that is mapped to int2.
case:A macfilter -> mac-A, wlan1, int1.
test cases:-
connect mac-A to wlan1, it should join, because it got the right wlan1 and int1.
connect mac-A to wlan2, it should join since wlan2 doesn't have mac filter. ****
connect mac-A to wlan3, it should join since no mac-filter enabled on wlan3 though interface is int2.
case:B macfilter -> mac-A, wlan1, int2.
test cases:-
connect mac-A to wlan1, it should join since int2 used by wlan doesn't have mac-filtering enabled ****
connect mac-A to wlan2, it should join since no mac filter enabled on wlan2.
case:2
enable mac-filtering on wlan1 that is mapped to int1.
enable mac-filtering on wlan2 that is mapped to int1.
enable mac-filtering on wlan3 that is mapped to int2.
case:A macfilter -> mac-A, wlan1, int1.
test cases:-
connect mac-A to wlan1, it should join.
connect mac-A to wlan2, shouldn't join since mac-A not allowed on this wlan2
connect mac-A to wlan3, shouldn't join since mac-A not allowed on this wlan3
case:B macfilter -> mac-A, wlan1, int2.
test cases:-
connect mac-A to wlan1, it shouldn't join since int is different and int2 is also having mac-filter enabled. ****
connect mac-A to wlan2, shouldn't join since mac-A not allowed on this wlan2
02-23-2013 01:44 PM
case:1
enable mac-filtering on wlan1 that is mapped to int1.
don't enable mac-filtering on wlan2 that is mapped to int1.
don't enable mac-filtering on wlan3 that is mapped to int2.
case:A macfilter -> mac-A, wlan1, int1.
test cases:-
connect mac-A to wlan1, it should join, because it got the right wlan1 and int1.
connect mac-A to wlan2, it should join since wlan2 doesn't have mac filter. ****
connect mac-A to wlan3, it should join since no mac-filter enabled on wlan3 though interface is int2.
All three above are correct
case:B macfilter -> mac-A, wlan1, int2.
test cases:-
connect mac-A to wlan1, it should join since int2 used by wlan doesn't have mac-filtering enabled ****
connect mac-A to wlan2, it should join since no mac filter enabled on wlan2.
Both above are correct
case:2
enable mac-filtering on wlan1 that is mapped to int1.
enable mac-filtering on wlan2 that is mapped to int1.
enable mac-filtering on wlan3 that is mapped to int2.
case:A macfilter -> mac-A, wlan1, int1.
test cases:-
connect mac-A to wlan1, it should join.
connect mac-A to wlan2, shouldn't join since mac-A not allowed on this wlan2
connect mac-A to wlan3, shouldn't join since mac-A not allowed on this wlan3
All three above are correct
case:B macfilter -> mac-A, wlan1, int2.
test cases:-
connect mac-A to wlan1, it shouldn't join since int is different and int2 is also having mac-filter enabled. ****
connect mac-A to wlan2, shouldn't join since mac-A not allowed on this wlan2
What I did was create 4 WLANs mapped to the following VLANs:
wlan1>201 ----mac filter enabled
wlan2>202 ----mac filter disabled
wlan3>203 ----mac filter enabled
wlan4>201 ----mac filter enabled
If I assigned a device that was allowed on wlan1 and vlan 201, the device was only able to connect to wlan1 and wlan2.
Now if I set the Any WLAN, the device was able to connect to all 4 SSIDs even though I still had vlan 201 defined.
Now if I set the MAC filter to allow on wlan1 and set the interface to any, I was only able to connect to wlan1 and wlan2.
So it seems like the Profile Name is mandatory and takes precedence over the Interface name. So making sure you have the Profile Name configured is important.
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"
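The lab result above can be written down as a small admission model and used to audit a filter list. This is an added example, not part of the original posts and not WLC code; the `Wlan` and `MacEntry` types, the function names and the sample MAC address are assumptions, and the interface field is recorded but not enforced because none of the three lab runs showed it changing the outcome.

```python
from dataclasses import dataclass

ANY_WLAN = "Any WLAN"  # label used in the post; exact GUI string is an assumption

@dataclass(frozen=True)
class Wlan:
    profile: str
    vlan: int
    mac_filtering: bool

@dataclass(frozen=True)
class MacEntry:
    mac: str
    profile: str    # a WLAN profile name, or ANY_WLAN
    interface: str  # recorded only; did not affect the lab results

# The four lab WLANs from the post above.
LAB_WLANS = [
    Wlan("wlan1", 201, True),
    Wlan("wlan2", 202, False),
    Wlan("wlan3", 203, True),
    Wlan("wlan4", 201, True),
]

def can_join(mac, wlan, entries):
    """Admission decision as observed in the lab runs (a model, not WLC logic)."""
    if not wlan.mac_filtering:
        return True   # no MAC filtering on the SSID: every MAC joins
    entry = next((e for e in entries if e.mac.lower() == mac.lower()), None)
    if entry is None:
        return False  # filtering enabled and the MAC is not listed
    return entry.profile in (ANY_WLAN, wlan.profile)

def reachable(mac, entries, wlans=LAB_WLANS):
    """Profiles a MAC can join under the given filter list."""
    return [w.profile for w in wlans if can_join(mac, w, entries)]

def over_broad(entries):
    """MACs whose entry is not pinned to a single profile."""
    return [e.mac for e in entries if e.profile == ANY_WLAN]

MAC = "00:11:22:33:44:55"  # constructed sample address

if __name__ == "__main__":
    runs = [("wlan1", "vlan201"), (ANY_WLAN, "vlan201"), ("wlan1", "any")]
    for profile, iface in runs:
        print(profile, iface, reachable(MAC, [MacEntry(MAC, profile, iface)]))
```
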
02-23-2013 02:54 PM
Thanks Scott, Much appreciated!!!
02-23-2013 03:25 PM
No problem. It was about time I lab'd it out anyways:)
02-23-2013 01:49 PM
Go to WLANs
Select SSID
e.g. (the SSID you select is ABC)
Select Tab SECURITY
Layer 2 Security Select NONE
Mark MAC FILTERING
Select Tab LAYER 3
Select Layer 3 Security NONE
For Adding MAC
Go to SECURITY
Select MAC Filtering
On the Top Right Corner Click NEW
In MAC Address Enter MAC As aa:bb:cc:dd:ee:ff:gg
In Profile Name Select SSID ABC
In Description Enter any Name ABCMAC (Not Necessary)
In IP Address Enter IP 192.168.1.1 (Not Necessary)
Interface Name (Manager Interface)