Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Block Mac-CLI

Hi All,

How to block a Mac address using command line which being associated to AccessPoint (cisco Aironet).Because configuring thru GUI being disabled.Thx


Re: Block Mac-CLI

Guy walks into a bar, wearing a nametag that says "Joe Smith". Bouncer checks his list that says "Don't let Joe Smith in!" and kicks him out.

Joe gets a pen and scrawls an "e" at the end of Smith, so that his nametag now says "Joe Smithe", and turns around and walks right back into the bar. Bouncer checks his list again and says "you're good, have a great time!"

MAC addresses are trivially easy to spoof. And since mac addresses are sent in the clear in 802.11 packets, it's trivially easy to sniff for a valid one.

With that said, if you're sure you want to implement mac filters on your IOS AP, here's how:

access-list 700 deny 0123.4567.89ab 0000.0000.0000

access-list 700 permit any


dot11 association mac-list 700

(or, use your ACL to permit the allowed macs and then deny any, whichever way you want to do it.)