Cisco WLAN Question


We have a Cisco 4400 series WLAN controller.

When I go to the clients and view who is connected, I can also filter it.

However, it only lets me filter by MAC address, AP, WLAN profile, etc.

It does not have IP filtering. Is there a way to filter using IP? Basically, I want to find a particular client with a certain IP that's connected to our WLAN.

Also, how do we block the client if we deem that person should not get access?

Thank you.

grabonlee Fri, 04/27/2012 - 10:11

It is not feasible to police IP addresses, as the IPs will be assigned dynamically and keep changing depending on lease time. You could create a separate SSID and tie it down by MAC filter for important devices. A second SSID could be created, and you apply an ACL to the WLAN restricting the assigned IP range to whatever destination you choose.

grabonlee Fri, 04/27/2012 - 12:59

George,

You are right, but Zhi asked about blocking based on IP, and there is no way to block a particular IP address because the client can always re-authenticate and get a new IP address. Your suggestion is based on MAC address after the client has authenticated. NCS helps, as it includes broader criteria to block a client, for example using posture validation; however, that doesn't solve the IP issue. Unless his devices have static IPs, then he could block DHCP assignment.

George Stefanick Fri, 04/27/2012 - 13:14

Osita,

He wasn't clear if he wanted to block by IP. He asked how he could block a user. This can be handled if the user is tied to a device; then you can disable his MAC on the WLC regardless of IP address.

Also, there is no mention of what type of security is being used. This would play a role as to other options as well.

You could remove the user from the AD wireless group, if he is using EAP for example.

His question leaves other open questions.

Stephen Rodriguez Fri, 04/27/2012 - 13:15

What I would do is check the ARP table on the switch, take the MAC address from there and deny them access.

Steve

Sent from Cisco Technical Support iPhone App
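
The lookup Steve describes, as an added example that is not part of the original thread: it parses `show ip arp` output captured from the switch, finds the entry for one IP, and returns the MAC in the colon-separated form the WLC client list uses. The sample output and addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of Cisco IOS "show ip arp" output (not from the thread).
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.20.30.1              -   0011.2233.4401  ARPA   Vlan30
Internet  10.20.30.57            12   a4b1.c2d3.e4f5  ARPA   Vlan30
Internet  10.20.30.58             0   Incomplete      ARPA
Internet  10.20.30.112            3   0026.08aa.bb0c  ARPA   Vlan30
"""

# One resolved ARP entry: IP, age ("-" marks the switch's own address), dotted MAC.
ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<age>-|\d+)\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+ARPA"
    r"(?:\s+(?P<iface>\S+))?\s*$"
)

def to_colon_mac(dotted):
    """Convert IOS dotted-hex (a4b1.c2d3.e4f5) to colon form (a4:b1:c2:d3:e4:f5)."""
    digits = dotted.replace(".", "").lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_arp(text):
    """Return {ip: [entry, ...]}; "Incomplete" rows (no MAC resolved) are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if not m:
            continue  # header, blank line, or unresolved entry
        entry = {"mac": to_colon_mac(m["mac"]), "age": m["age"], "interface": m["iface"]}
        table.setdefault(m["ip"], []).append(entry)
    return table

def mac_for_ip(text, ip):
    """Return the MAC seen for ip, or None if absent or unresolved.

    Raises ValueError when the same IP appears with different MACs, since
    acting on the wrong one would block an unrelated device.
    """
    macs = {e["mac"] for e in parse_arp(text).get(ip, [])}
    if len(macs) > 1:
        raise ValueError(f"{ip} maps to several MACs: {sorted(macs)}")
    return macs.pop() if macs else None

if __name__ == "__main__":
    print(mac_for_ip(SAMPLE_ARP, "10.20.30.57"))
```

The mapping is only valid at the moment the ARP table was captured; because leases change, as noted earlier in the thread, the MAC rather than the IP is what to search for in the client list.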

Hi, sorry for the late reply. There was probably a misunderstanding. I wanted to know: when you go to Monitor > Clients, it shows you all the clients connected. I wanted to know if it's possible to filter by IP, as it gives me only MAC filtering. Sorry if I was not being clear.

Thank you.

Sent from Cisco Technical Support iPhone App
