WLC - How to block a single client MAC address?

Unanswered Question
Dec 25th, 2007

Hi Sir,

On a WLC (software version, how to block a single client MAC address?

I thought of using the SECURITY -> Disabled Clients. Is it right?

There are currently 250 users connected to the WLC. MAC Filtering is not a scalable solution because as I understand it, we have to specify all the legitimate MAC addresses in the local database.

Thank you.


Lim TS

I have this problem too.
1 vote
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (2 ratings)
rob.huffman Wed, 12/26/2007 - 11:58

Hi Lim,

As you have discovered, the Mac filtering on the WLC is an Allow (based on Mac address) rather than what you need which is a Deny (based on Mac address). I have not tried this feature but I think you are on the right track in using the Exclusion List (Blacklist) feature. Have a look;

Use SECURITY > AAA > Disabled Client then click New or MONITOR > Clients then click Disable to navigate to this page.

This page allows you to manually Exclusion List (blacklist) a client by MAC address.

Add the MAC Address and an optional Client Description for the client to be disabled.


Note When you enter a client MAC address to be disabled, the Operating System checks that the MAC address is not one of the known Local Net clients ( Local Net Users), Authorized clients ( MAC Filtering), or Local Management users ( Local Management Users) MAC addresses. If the entered MAC address is on one of these three lists, the Operating System does not allow the MAC address to be manually disabled.

Hope this helps! Let us know.


Rene S. Fri, 06/06/2014 - 01:48

Ok, it's working. I forgot that disabling doesn't mean that the client will not keep attacking us.... Is there a way to acknowledge certain clients so we won't be notified when he attacks us? 
So after we disabled the client, we shouln't get any attack-messages regarding this client..

Rene S. Thu, 06/05/2014 - 22:17
Hi, I've added the client MAC address to the disabled clients list, but I still get notifications that the client is sending out a lot of deauth messages.. Looks like the disabled clients list is not working.. Did it work for you?


This Discussion



Trending Topics - Security & Network