Block client MAC on VLAN

Unanswered Question
Mar 4th, 2010
User Badges:


I have a WLC 4402 configured with two VLANs (Company and GuestNet).

Now I need to block a client on the GuestNet VLAN only using its MAC address.

The access to the company WLAN should still be permitted.

What is the easiest way to configure this?

Thanks in advance!

Best regards,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Peter Nugent Thu, 03/04/2010 - 03:15
User Badges:
  • Cisco Employee,

Not sure you can do this on the WLC as far as I know its only IP ACLs. Only ever used mac filters to authenticate not deny access.

However you caould apply a MAC ACL on the switch, or if its an internal client inform him of the security policies and tell him to stop being naughty!

Scott Fella Sat, 03/06/2010 - 08:36
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Agreed... you can create an ACL to block a MAC on the switch level, but not on the WLC.  I'm guessing you are doing either open access to the guest or web pass-through.  Using these type of guest access can't prevent any other users to access your guest net.  Maybe you should look at doing Web-Auth, unless you are doing this now and you have one person who has access.... but then again, you can always change the username/password.


This Discussion



Trending Topics - Security & Network