MAC-Adress Filtering vs. Access - Lists

Unanswered Question
Aug 15th, 2008
User Badges:

We are using two WLC 4400 Series Controller for our Guest WLAN. They are installed the way Cisco Recommends . One in our LAN and one in the DMZ.

I am looking for a possibility to deny company users the access to this WLAN with their notebooks. The WLAN has direkt internet access and we don't want our notebooks to be compromised...

With MAC-Adress Filterring I can only permit access to a specific Wlan or is there a way to negogiate such a filter to use it for a denial?

Is there a possibility to use access lists for the denial of specific Mac-Adresses to a specific WLAN ?

Anyone an other good Idea how to solve this issue?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Scott Fella Fri, 08/15/2008 - 06:24
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Well... MAC-address filter would work, but if you have alot to input, it can be a headache. ACL's I don't think will work, because users will get an ip from the guest network and then how can you know who has what address. Create a username password webauth page. The credentials can be changed each day or week depending.... and give this out to guest users to access the guest network. Now internal user can't access this unless the username password slips out. If you really want to make it tough, use GPO and push out the wireless policy and lock out the feature to add a wireless network.

schlatermund Mon, 08/18/2008 - 01:22
User Badges:

But to use the MAC-adress filter isn't it only a positve list, so everybody inside the list ist allowed access?

I would need it to use the MAC filter negative, so everybody ist the list is denied the access.

The solution by a webauth page is in use in the moment. But our users are not that sensible with password information. That is the reason why i am looking for a strikt technical solution

Scott Fella Mon, 08/18/2008 - 06:17
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Correct it is a positive list and there is not way you can have a negative list. The only way is to push a GPO to configure the wireless profile.

Actions

This Discussion

 

 

Trending Topics - Security & Network