04-27-2012 09:44 AM - edited 07-03-2021 10:04 PM
We have a Cisco 4400 series WLAN controller.
When I go to the clients and view who is connected; I can also filter it.
However it only lets me filter by mac address, ap, wlan profile, etc.
It does not have IP filtering. Is there a way to filter using IP? Basically I want to find a particular client with a certain IP that's connected to our WLAN.
Also how do we block the client? If we deemed that person should not get access.
Thank you.
04-27-2012 10:11 AM
It is not feasible to police IP address as the IPs will be assigned dynamically and keeping changing depending on lease time. You could create a separate SSID and tie it down by mac filter for important devices. A second SSID could be created and you apply an ACL to the WLAN restricting the assigned IP range to wherever destination you choose.
04-27-2012 12:08 PM
Zhi,
If you want adavnce flierting of your WLC you need WCS or NCS. This will allow you to shape your seaching efforts quick and easliy.
As for blocking a client. Pretty easy to do... You can do this in the CLI or GUI. I documeted this on my blog
04-27-2012 12:59 PM
George,
You are right but Zhi asked about blocking based on IP and there is no way to block a particular IP address because the client can always re-authenticate and get a new IP address. Your suggestion is based on Mac address after the client has authenticated. NCS helps as it includes a broader criteria to block a client for example using posture validation however that doesn't solve the IP issue. Unless his devices have static IPs, then he could block dhcp assignment.
04-27-2012 01:14 PM
Osita,
He wasnt clear if he wanted to block by IP. He asked how could he block a user. This can be handled if the user is tied to a device, then you can disable his mac on the WLC regardless of IP address.
Also there is no mention to what type of security is being used. This would play a role as to other options as well.
You could remove the user from the AD wireless group
His question, leaves other open questions.
04-27-2012 01:15 PM
What I would do is check the ARP table on the switch, take the Mac address from there and deny them access.
Steve
Sent from Cisco Technical Support iPhone App
04-30-2012 07:35 AM
Hi sorry for the late reply. There was probably a misunderstanding. I wanted to know when you go to monitor > Clients. It shows you all the clients connected. I wanted to know if it's possible to filter by ip. As it gives me only Mac filtering. Sorry if I was not being clear.
Thank you.
Sent from Cisco Technical Support iPhone App
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: