Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2577
Views
5
Helpful
5
Replies

MAC Filter + WPA Autonomous AP

ricardorojas123
Level 1
Level 1

‎07-20-2011 06:44 AM - edited ‎07-03-2021 08:27 PM

I have two wireless networks configured in the AP1200, both SSIDs are configured with WPA.

SSID 01: configured whit WPA

SSID 02: configured whit WPA

I have configured the access-list number 700, and I would like to apply to a single network. Achieving the following:

SSID 01 : WPA + Mac Filter, using the ACL number 700.

SSID 02:  WPA

How I can apply the list 700 to the first SSID only ??

Thanks !

Labels:
0 Helpful
5 Replies 5

Surendra BG
Cisco Employee
Cisco Employee

‎07-20-2011 07:18 AM

Hi,

I am not sure if this works!! i wanna try, coz MAC filter is a Global configuration and for radio interface not for SSID.. please try the below and see if this helps..

here is the config

en

conf t

access-list 700 permit XXXXXXX XXXXX

exit

en

conf t

int dot11 0.1

bridge-group 1 input-address-list 700
end

See if this helps!! Lemme know if this helps

Please dont forget to rate the usefull posts!!

Regards
Surendra
Regards
Surendra BG
0 Helpful

ricardorojas123
Level 1
Level 1
In response to Surendra BG

‎07-20-2011 07:40 AM

ok, I will comment

0 Helpful

marc.groenen
Level 1
Level 1
In response to ricardorojas123

‎04-11-2013 01:05 AM

Did you get the ACL working on the specific dot11 subinterface ?

Or does it only work in the global configuration ?

0 Helpful

maldehne
Cisco Employee
Cisco Employee
In response to marc.groenen

‎04-11-2013 03:20 AM

If you have one ssid , accordingly one bridge-group needed you can apply under the global configuration.

---------------------------------------------------------------------

Please make sure to rate correct answers

marc.groenen
Level 1
Level 1
In response to maldehne

‎04-11-2013 04:26 AM

yes but if you have multiple SSID's and you want to block the user using this MAC ACL on 1 SSID but not all the SSID's.

You would need to use the bridgeroup statement:

int dot11 0.1

bridge-group 1 input-address-list 700

But i wanted to know if the command worked out for ricardorojas123 since he said he would comment....

However i have already implemented the config in a testcase and it seems to be working.

Also when using command for the global configuration:

dot11 association mac-list 700

The dot11 interfaces will reset which should be a NOTE in the documentation i guess

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008058ed26.shtml#macbasedacls

0 Helpful
Review Cisco Networking for a $25 gift card
Top