Cisco WLAN Question

Unanswered Question
Apr 27th, 2012

We have a Cisco 4400 series WLAN controller.

When I go to the clients and view who is connected, I can also filter it.

However, it only lets me filter by MAC address, AP, WLAN profile, etc.

It does not have IP filtering. Is there a way to filter using IP? Basically I want to find a particular client with a certain IP that's connected to our WLAN.

Also, how do we block the client if we deem that person should not get access?

Thank you.

grabonlee Fri, 04/27/2012 - 10:11

It is not feasible to police IP addresses, as the IPs will be assigned dynamically and keep changing depending on lease time. You could create a separate SSID and tie it down by MAC filter for important devices. A second SSID could be created, and you apply an ACL to the WLAN restricting the assigned IP range to whatever destination you choose.

grabonlee Fri, 04/27/2012 - 12:59


You are right, but Zhi asked about blocking based on IP, and there is no way to block a particular IP address because the client can always re-authenticate and get a new IP address. Your suggestion is based on MAC address after the client has authenticated. NCS helps, as it includes broader criteria to block a client, for example using posture validation; however, that doesn't solve the IP issue. Unless his devices have static IPs, then he could block DHCP assignment.

George Stefanick Fri, 04/27/2012 - 13:14


He wasn't clear if he wanted to block by IP. He asked how he could block a user. This can be handled if the user is tied to a device; then you can disable his MAC on the WLC regardless of IP address.

Also, there is no mention of what type of security is being used. This would play a role as to other options as well.

You could remove the user from the AD wireless group, if he is using EAP for example.

His question leaves other open questions.

Stephen Rodriguez Fri, 04/27/2012 - 13:15

What I would do is check the ARP table on the switch, take the MAC address from there and deny them access.


Sent from Cisco Technical Support iPhone App Mon, 04/30/2012 - 07:35

Hi, sorry for the late reply. There was probably a misunderstanding. I wanted to know: when you go to Monitor > Clients, it shows you all the clients connected. I wanted to know if it's possible to filter by IP, as it gives me only MAC filtering. Sorry if I was not being clear.

Thank you.

Sent from Cisco Technical Support iPhone App
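
The ARP-table lookup suggested earlier in the thread, as an added example that is not part of any poster's reply: it resolves one IP to its MAC from pasted Cisco IOS `show ip arp` output, so the client can then be found or disabled by MAC on the controller. The sample table, the function names and the colon-separated output format (assumed to be the form the controller's client list and MAC filter use) are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of Cisco IOS "show ip arp" output (not from the thread).
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.20.30.1              -   0000.0c9f.f01e  ARPA   Vlan30
Internet  10.20.30.57            12   58B0.35AA.10C2  ARPA   Vlan30
Internet  10.20.30.58             0   Incomplete      ARPA
Internet  10.20.30.157            3   a4d1.8c11.22ee  ARPA   Vlan30
"""

DOTTED_MAC = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$", re.I)


def to_colon_mac(dotted):
    """Convert xxxx.xxxx.xxxx to lowercase xx:xx:xx:xx:xx:xx."""
    digits = dotted.replace(".", "").lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_arp(text):
    """Return {ip_address: colon_mac} for every resolved ARP entry."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "Internet":
            continue  # header or unrelated line
        ip_text, mac = fields[1], fields[3]
        if not DOTTED_MAC.match(mac):
            continue  # "Incomplete": the switch has no MAC for this IP
        try:
            table[ipaddress.ip_address(ip_text)] = to_colon_mac(mac)
        except ValueError:
            continue  # malformed address column
    return table


def mac_for_ip(text, ip):
    """Exact-match lookup; None when the IP has no resolved entry."""
    return parse_arp(text).get(ipaddress.ip_address(ip))


if __name__ == "__main__":
    for ip in ("10.20.30.57", "10.20.30.58", "10.20.30.5"):
        print(ip, "->", mac_for_ip(SAMPLE_ARP, ip))
```

Matching on the parsed address rather than on a substring keeps 10.20.30.57 from also matching 10.20.30.157, and an `Incomplete` entry returns no MAC instead of a wrong one.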

