04-18-2008 07:34 AM - edited 03-05-2019 10:28 PM
I have a situation where I have wireless phones and access points that need to get DHCP and that reside on the same VLAN. I also have laptop devices that were improperly configured for the same SSID/VLAN. I would like to implement something that will allow the phones and APs to continue working on the VLAN but restrict the traffic from all other devices connected to that SSID, thus forcing the PC technicians responsible for the laptops to reconfigure them properly. I know the MAC addresses of the phones and APs.
MACs that I want to allow:
Prefix 00:90:7a:
Prefix 00:0c:e6:
I do not want any other source MAC addresses to be able to pass through the router interface to reach the DHCP server.
Thanks in advance for your suggestions.
04-19-2008 01:41 AM
Hi Paul,
I believe you need 802.1x layer2 security for client authentication.
Look at this url:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml
On the Cisco website you can find a lot of links about this, if you search for WLC and 802.1x together.
Cheers:
Istvan
04-19-2008 04:44 AM
Hello,
If your AP is an IOS-based AP, you can apply an ACL that will only allow those two MAC prefixes, explicitly deny everything else.
access-list 700 permit 0090.7a00.0000 0000.00ff.ffff
access-list 700 permit 000c.e600.0000 0000.00ff.ffff
dot11 association mac-list 700
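The prefix match in the ACL above, as an added example that is not part of the original post: this Python sketch evaluates client MACs against the two 700-series entries as a first-match list with an implicit final deny, so a list of observed clients can be checked before the filter is applied. The sample client addresses and all function names are constructed for illustration.

```python
import re

# The two entries from the post above, copied as written.
ACL_TEXT = """\
access-list 700 permit 0090.7a00.0000 0000.00ff.ffff
access-list 700 permit 000c.e600.0000 0000.00ff.ffff
"""
# Constructed sample client MACs (not taken from the thread).
SAMPLE_CLIENTS = ["00:90:7a:01:02:03", "000c.e6aa.bbcc",
                  "00-1B-77-12-34-56", "00:90:7b:01:02:03"]

def mac_to_int(mac):
    """Accept 0090.7a12.3456, 00:90:7a:12:34:56 or 00-90-7A-12-34-56."""
    digits = re.sub(r"[.:\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

def parse_acl(text):
    """Return [(action, address, wildcard)] for 700-799 (48-bit MAC) ACL lines."""
    entries = []
    for line in text.splitlines():
        m = re.fullmatch(r"\s*access-list\s+(\d+)\s+(permit|deny)\s+(\S+)\s+(\S+)\s*", line)
        if m and 700 <= int(m.group(1)) <= 799:
            entries.append((m.group(2), mac_to_int(m.group(3)), mac_to_int(m.group(4))))
    return entries

def evaluate(entries, mac):
    """First matching entry wins; a set wildcard bit means 'ignore this bit'."""
    value = mac_to_int(mac)
    for action, address, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFFFFFF  # bits that must match exactly
        if (value & care) == (address & care):
            return action
    return "deny"  # implicit deny at the end of every IOS access list

def audit(acl_text, clients):
    """Map each client MAC to the verdict the ACL would give it."""
    entries = parse_acl(acl_text)
    return {mac: evaluate(entries, mac) for mac in clients}

if __name__ == "__main__":
    for mac, verdict in audit(ACL_TEXT, SAMPLE_CLIENTS).items():
        print(f"{mac:20} {verdict}")
```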
04-19-2008 08:20 AM
The APs are from Meru 000c.e6 and the phones are Spectralink 0090.7a. Could I just apply the ACL to the port that the wireless controller connects to, to block any L2 traffic coming out of the controller?
Thanks..
04-19-2008 08:48 AM
Depends on the switch and its capabilities. If it is a Cisco switch, you could try using 'mac access-list extended
04-19-2008 10:05 AM
The switch is a cisco 4507. The port is a trunk port though. Can I apply the access list to an individual VLAN on that trunk port? If not can I apply the access list to the router interface of the VLAN that I want to filter the MACs on?
Thanks for the assistance.