Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Blocking all MAC addresses except for the ones you allow

I have a Cisco Aironet 1200 Access Point. I want to block all MAC addresses from accessing the access point, except for the ones I've allowed. First I went to the Address Filters page and clicked on Allowed, then listed all the MAC address I want to be able to access the access point. Then I went to the Ethernet Advanced page, and set the Default Multicast Address Filter to Disallowed, and the Default Unicast Address Filter to Disallowed. Then I went to the AP Radio: Internal Advanced page, clicked on the Advanced Primary SSID Setup link, and set the Default Unicast Address Filter to Disallowed. Accept Authentication Type is set to Open with Shared and Network-EAP cleared, and the Require EAP check boxes are all cleared.

When using a computer whose MAC address is not listed on the Address Filters page, I am still able to connect to the network through the access point. I am also able to connect to the access point from any pc on my network by entering its IP address in Internet Explorer.

What do I need to do to block any pc without a listed MAC address from connecting to the access point?

Thanks, Jeff


Re: Blocking all MAC addresses except for the ones you allow

Here's the instructions and URL on how to create an MAC based filter:

Follow these steps to create a MAC address filter:

Step 1 Follow the link path to the Address Filters page.

Step 2 Type a destination MAC address in the New MAC Address Filter: Dest

MAC Address field. You can type the address with colons separating the character pairs

(00:40:96:12:34:56, for example) or without any intervening characters (004096123456, for example).

Note If you plan to disallow traffic to all MAC addresses except

those you specify as allowed, put your own MAC address in the list of allowed MAC

addresses. If you plan to disallow multicast traffic, add the broadcast MAC address

(ffffffffffff) to the list of allowed addresses.

Step 3 Click Allowed to pass traffic to the MAC address or click Disallowed

to discard traffic to the MAC address.

Step 4 Click Add. The MAC address appears in the Existing MAC Address

Filters list. To remove the MAC address from the list, select it and click Remove.

Step 5 Click OK. You return automatically to the Setup page.

Step 6 Click Advanced in the AP Radio row of the Network Ports section at

the bottom of the Setup page for the radio you want to configure. The AP Radio Advanced page appears.

CreatePlease login to create content