Blocking of complete Vendor MAC Address

Answered Question
Oct 2nd, 2010

Hi All,

is it possible to Block or Disable a complete Vendor MAC - like  Apple 7c:6d:62:x:x:x - with using Wildcards on a Wireless LAN Controller? Background is, that the Customers IT-Department is only allowing the use of one Vendor, so every MAC Address of another Vendor is rogue. If Blocking is not possible on WLC, can i do this on ACS?

Thx in adv, Michael

I have this problem too.
0 votes
Correct Answer by Javier Contreras about 6 years 2 months ago

Hi

if you create a NAR entry on ACS, you can use callerID information (DNIS) which will have the mac address.

then on ACS, it will support wildcards for all or part of each of the attributes:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/c.html#wp697209

so, it should be posible to be done on WLC, if you move the validation into ACS itself.

Regards

Correct Answer by Surendra BG about 6 years 2 months ago

This can be done using the Autonomous APs but not with LWAPP and WLC.. even on the ACS we provide the MAC address.. we dont use the mask.. however the IOS APs we specify the mask..

Regards

Surendra

Correct Answer by Madhuri C about 6 years 2 months ago

Hi,

Unfortunately there is no option of using  wildcard mask on WLC for mac filtering. We need to configure complete  individual MAC addresses which needs to be allowed (rest of it would be  blocked).

More information :  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008084f13b.shtml

Regards,

Madhuri

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Correct Answer
Surendra BG Sun, 10/03/2010 - 21:20

This can be done using the Autonomous APs but not with LWAPP and WLC.. even on the ACS we provide the MAC address.. we dont use the mask.. however the IOS APs we specify the mask..

Regards

Surendra

Correct Answer
Javier Contreras Wed, 10/06/2010 - 08:01

Hi

if you create a NAR entry on ACS, you can use callerID information (DNIS) which will have the mac address.

then on ACS, it will support wildcards for all or part of each of the attributes:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/c.html#wp697209

so, it should be posible to be done on WLC, if you move the validation into ACS itself.

Regards

Actions

This Discussion

 

 

Trending Topics - Security & Network