04-27-2012 09:44 AM - edited 07-03-2021 10:04 PM
We have a Cisco 4400 series WLAN controller.
When I go to the clients and view who is connected, I can also filter it.
However, it only lets me filter by MAC address, AP, WLAN profile, etc.
It does not have IP filtering. Is there a way to filter using IP? Basically, I want to find a particular client with a certain IP that's connected to our WLAN.
Also, how do we block the client if we deem that person should not get access?
Thank you.
04-27-2012 10:11 AM
It is not feasible to police IP addresses, as the IPs will be assigned dynamically and keep changing depending on lease time. You could create a separate SSID and tie it down by MAC filter for important devices. A second SSID could be created, and you apply an ACL to the WLAN restricting the assigned IP range to whichever destination you choose.
04-27-2012 12:08 PM
Zhi,
If you want advanced filtering of your WLC, you need WCS or NCS. This will allow you to shape your searching efforts quickly and easily.
As for blocking a client: pretty easy to do... You can do this in the CLI or GUI. I documented this on my blog
04-27-2012 12:59 PM
George,
You are right, but Zhi asked about blocking based on IP, and there is no way to block a particular IP address because the client can always re-authenticate and get a new IP address. Your suggestion is based on MAC address after the client has authenticated. NCS helps, as it includes broader criteria to block a client, for example using posture validation; however, that doesn't solve the IP issue. Unless his devices have static IPs, then he could block DHCP assignment.
04-27-2012 01:14 PM
Osita,
He wasn't clear if he wanted to block by IP. He asked how he could block a user. This can be handled if the user is tied to a device; then you can disable his MAC on the WLC regardless of IP address.
Also, there is no mention of what type of security is being used. This would play a role as to other options as well.
You could remove the user from the AD wireless group.
His question leaves other open questions.
04-27-2012 01:15 PM
What I would do is check the ARP table on the switch, take the MAC address from there and deny them access.
Steve
Sent from Cisco Technical Support iPhone App
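The ARP-table lookup suggested above, as an added example that is not part of the original thread: it resolves an IP to the MAC format the WLC client list can be filtered on. The sample text is a constructed Cisco IOS `show ip arp` capture, and it assumes the ARP table comes from the layer-3 device that routes the wireless client VLAN.

```python
import ipaddress
import re

# Constructed sample of "show ip arp" output (not from the thread).
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.20.30.1              -   0011.2233.4401  ARPA   Vlan30
Internet  10.20.30.57            12   a4b1.c2d3.e4f5  ARPA   Vlan30
Internet  10.20.30.58             0   Incomplete      ARPA
Internet  10.20.30.157            3   0026.08aa.bb10  ARPA   Vlan30
"""

ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\S+)\s+(?P<age>\S+)\s+(?P<mac>\S+)"
    r"\s+ARPA(?:\s+(?P<intf>\S+))?\s*$"
)


def normalize_mac(mac):
    """Convert dotted, dashed or colon MAC notation to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_arp(text):
    """Return {ip_address: (mac, interface)} for every resolved ARP entry."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        # Skip the header and unresolved ("Incomplete") entries.
        if not m or m["mac"].lower() == "incomplete":
            continue
        table[ipaddress.ip_address(m["ip"])] = (normalize_mac(m["mac"]), m["intf"])
    return table


def mac_for_ip(text, ip):
    """Exact lookup, so 10.20.30.57 never matches 10.20.30.157 by substring."""
    return parse_arp(text).get(ipaddress.ip_address(ip))


if __name__ == "__main__":
    print(mac_for_ip(SAMPLE_ARP, "10.20.30.57"))
```

Because DHCP leases change, the MAC is valid only for the moment the ARP entry was captured, so look it up while the client is still connected.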
04-30-2012 07:35 AM
Hi, sorry for the late reply. There was probably a misunderstanding. I wanted to know: when you go to Monitor > Clients, it shows you all the clients connected. I wanted to know if it's possible to filter by IP, as it gives me only MAC filtering. Sorry if I was not being clear.
Thank you.
Sent from Cisco Technical Support iPhone App