How can I create a MAC-based ACL on Cisco 2800 & 1800 routers

Unanswered Question
Sep 16th, 2010


I want to create a MAC-based ACL for all users and laptops, so that I can restrict unauthorized users or laptops. My current scenario is like this:

wireless user/Laptop ------> Access point------->PoE switch (L2)-------> WLC (wireless LAN controller)-------->Radius server ------------>AD------------> LAN

In the above scenario, an unauthorized user can access the Internet or can get some access through a static IP. So I am planning to implement the following, because I have Cisco 2800 and Cisco 1800 routers and also due to lack of budget.

wireless user/Laptop ------> Access point------->PoE switch (L2)------->Cisco router (with MAC-based ACL)--------> WLC-------->Radius server ------------>AD------------> LAN

Please suggest how to resolve this issue.

Thanks & Regards,


Roger Nobel Tue, 10/12/2010 - 06:40

Hi Sujeet,

The LAP builds a data tunnel towards the WLC using CAPWAP (old LWAPP). The WLC will then forward the client traffic accordingly on the dynamic interface of the WLC (VLAN), hence a router between the LAP and the WLC only sees CAPWAP (LWAPP) traffic.

I assume from your request that you would like to restrict access to your network for wireless users based on MAC address.

WLC has a Layer 2 security feature for MAC address filter.

WLC GUI > WLAN > WLAN ID edit > Security > Layer 2 > checkbox: MAC Filter

Layer 2 Security Mechanism

MAC Filtering

Select to filter clients by MAC address. Locally configure clients by MAC address in the MAC Filters > New page. Otherwise, configure the clients on a RADIUS server.

Maybe you can use the MAC filter feature on the WLC instead.

Note: MAC filter is not really secure since a MAC address can be spoofed easily.

Best regards
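
Added example, not part of the original reply or Cisco's own tooling: a Python sketch that turns a device inventory into a local MAC filter list for the WLC, rejecting malformed, multicast and duplicate entries and flagging locally administered addresses for review. It assumes the AireOS CLI commands `config macfilter add` and `config wlan mac-filtering enable` as the CLI counterpart of the GUI path above; the inventory, device names and WLAN ID 1 are constructed.

```python
import re

# Constructed sample inventory (not from the thread); formats vary on purpose.
SAMPLE_INVENTORY = [
    ("00:1A:2B:3C:4D:5E", "laptop-01"),
    ("001a.2b3c.4d5f", "laptop-02"),
    ("00-1A-2B-3C-4D-5E", "laptop-01-dup"),  # same address as laptop-01
    ("02:1A:2B:3C:4D:60", "phone-01"),       # locally administered bit set
    ("01:00:5E:00:00:01", "multicast"),      # group address, never a client
    ("00:1A:2B:3C:4D", "truncated"),         # only five octets
]

def normalize_mac(raw):
    """Return the MAC as lowercase aa:bb:cc:dd:ee:ff or raise ValueError."""
    digits = re.sub(r"[.:\-\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_macfilter(inventory, wlan_id):
    """Return (commands, rejected, warnings) for one WLAN's MAC filter."""
    commands, rejected, warnings, seen = [], [], [], set()
    for raw, name in inventory:
        try:
            mac = normalize_mac(raw)
        except ValueError as exc:
            rejected.append((name, str(exc)))
            continue
        first_octet = int(mac[:2], 16)
        if first_octet & 0x01:   # I/G bit: multicast or broadcast
            rejected.append((name, "group address"))
            continue
        if mac in seen:
            rejected.append((name, "duplicate address"))
            continue
        seen.add(mac)
        if first_octet & 0x02:   # U/L bit: not a burned-in vendor address
            warnings.append((name, mac, "locally administered address"))
        # Assumed AireOS syntax: config macfilter add <mac> <wlan-id>
        commands.append(f"config macfilter add {mac} {wlan_id}")
    commands.append(f"config wlan mac-filtering enable {wlan_id}")
    return commands, rejected, warnings

if __name__ == "__main__":
    cmds, bad, warn = build_macfilter(SAMPLE_INVENTORY, 1)
    print("\n".join(cmds))
    for item in bad + warn:
        print("#", item)
```
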


