Solved

Cisco WLC-5508 block access by MAC

Posted on 2014-12-02
5
1,478 Views
Last Modified: 2014-12-08
i have WLC-5508 with multiple SSID (VLAN).  I like to limit specific MAC to only allow to use specific vlan only. is there a way?

SSID1- internal
SSID2 - public
device1 - MAC AA:BB
device2 - MAC  DD:EE

I want to allow device1 to connect to SSID1 only.  if device1 disconnect from SSID1 and try to connect to SSID2, I want it NOT to connect even they know the password to SSID2.

is it possible?

thank
0
Comment
Question by:ajeab
  • 3
  • 2
5 Comments
 
LVL 45

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 40477503
0
 
LVL 6

Author Comment

by:ajeab
ID: 40477558
I already implement MAC filter on SSID1 but it use for allow list.  I don't see where to set for denied.  I have list of MAC allow for SSID1 but I want to disallow device1 to able to auth to SSID2.

here is what already happened,

device1 allow to connect to SSID1 (MAC define+pre share key)
device2 and anonymous devices NOT allow to connect to SSID1 (because MAC not define)

I like to add,

device1  NOT allow to connect to SSID2 (MAC define as deny to SSID2)
device2 and all anonymous devices can connect to SSID2 (via pre-share key)
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40477656
You cant do that the way you have it at the moment.  MAC filter will only allow based on what's in its list.  To do this you need an external RADIUS server to create deny policies.
0
 
LVL 6

Author Comment

by:ajeab
ID: 40477664
can you point me to the right direction?  

can i have both local and external RADIUS config for differnet SSID?
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40477722
Yes you can.

If you have a Windows domain you can do this quite easily with NPS and AD, but there's a bit of config to do.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now