Shark Attack
1131 AP question
How do I block 1 mac address and permit all other?
dot11 association mac-list 700
deny 0071.cc8e.x.x.x.x 0000.0000.0000 (28 matches)
IP address issue first...
If another wireless (or wired) client (on the VLAN that the SSID is attached to) has a DHCP server running, clients attaching to the WLAN will be able to obtain an IP address from that DHCP server.
MAC filter issue...
Your config is only half-way there. Try this...
access-list 700 deny 0071.cc8e.x.x.x.x 0000.0000.0000
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
!
interface Dot11Radio0
 l2-filter bridge-group-acl
!
interface Dot11Radio0
 bridge-group 1 input-address-list 700
 bridge-group 1 output-address-list 700
That assumes you have no VLANs on your AP and that you want to apply the filter to the 2.4GHz radio only.
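An added example (not part of the original posts and not Cisco code) that models how a 700-series MAC access list is evaluated: first match wins, a wildcard bit of 1 means "ignore this bit", and a list with no matching entry ends in the implicit deny. The MAC addresses are constructed stand-ins, since the address on the page is redacted.

```python
# Added illustration: first-match evaluation of a Cisco 700-series
# (48-bit MAC address) access list. All MAC addresses are constructed.

def mac_to_int(mac: str) -> int:
    """Parse Cisco dotted-hex notation (hhhh.hhhh.hhhh) into a 48-bit int."""
    groups = mac.lower().split(".")
    if len(groups) != 3 or any(len(g) != 4 for g in groups):
        raise ValueError(f"not a dotted-hex MAC: {mac!r}")
    return int("".join(groups), 16)

def parse_acl(text: str):
    """Return [(action, address, wildcard)] from 'access-list 7xx ...' lines."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "access-list":
            continue  # skip blanks, '!' separators and interface commands
        _, number, action, addr, mask = parts
        if not 700 <= int(number) <= 799 or action not in ("permit", "deny"):
            raise ValueError(f"unsupported entry: {line!r}")
        entries.append((action, mac_to_int(addr), mac_to_int(mask)))
    return entries

def evaluate(entries, mac: str) -> str:
    """First matching entry wins; a wildcard bit of 1 means 'ignore this bit'."""
    value = mac_to_int(mac)
    for action, addr, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFFFFFF  # bits that must match exactly
        if (value & care) == (addr & care):
            return action
    return "deny"  # implicit deny at the end of every list

BLOCKED = "0071.cc8e.0a0b"  # constructed stand-in for the redacted address
OTHER = "0011.2233.4455"    # constructed client that should stay connected

DENY_ONLY = f"access-list 700 deny {BLOCKED} 0000.0000.0000"
DENY_THEN_PERMIT = (DENY_ONLY +
                    "\naccess-list 700 permit 0000.0000.0000 ffff.ffff.ffff")

if __name__ == "__main__":
    for name, text in (("deny only", DENY_ONLY),
                       ("deny + permit", DENY_THEN_PERMIT)):
        acl = parse_acl(text)
        print(name, {m: evaluate(acl, m) for m in (BLOCKED, OTHER)})
```

With only the deny entry, every address falls through to the implicit deny; the trailing permit with an all-ones wildcard is what lets every other client through.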
Look into lowering their priority. If you block evildoers they get bored and change MAC and land you with blocking trillions of MACs.
ASKER
@craigbeck
How can I detect this device that might be giving out addresses? What are some ways of detecting this thing? It's been an issue at this site for a while and I need more of a permanent solution. Thanks.