
New Member

Restricting Types of devices on a Wireless SSID

I have a situation where I have wireless phones and access points that need to get DHCP and that reside on the same VLAN. I also have laptop devices that were improperly configured for the same SSID/VLAN. I would like to implement something that will allow the Phones and AP's to continue working on the VLAN but restrict the traffic from all other devices connected to that SSID, thus forcing the PC Technicians responsible for the laptops to reconfigure them properly. I know the MAC addresses of the phones and AP's.

MACs that I want to allow:

Prefix 00:90:7a:

Prefix 00:0c:e6:

I do not want any other source MAC addresses to be able to pass through the router interface to reach the DHCP server.

Thanks in advance for your suggestions.

5 REPLIES

Re: Restricting Types of devices on a Wireless SSID

Hi Paul,

I believe you need 802.1x layer2 security for client authentication.

Look at this url:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml

On the Cisco website you can find a lot of links about this, if you search for WLC and 802.1x together.

Cheers:

Istvan

New Member

Re: Restricting Types of devices on a Wireless SSID

Hello,

If your AP is an IOS-based AP, you can apply an ACL that will only allow those two MAC prefixes, explicitly deny everything else.

access-list 700 permit 0090.7a00.0000 0000.00ff.ffff

access-list 700 permit 000c.e600.0000 0000.00ff.ffff

dot11 association mac-list 700
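
The address and wildcard-mask matching used by the ACL 700 lines above can be checked offline before the list is deployed. This is an added example, not part of the original reply: the function names and sample client MACs are constructed for illustration, and the evaluation assumes standard IOS semantics (first match wins, wildcard bits set to 1 are ignored, implicit deny at the end).

```python
# Added example: evaluate IOS-style MAC ACL entries (address + wildcard mask).
# ACL lines are copied from the reply above; sample MACs are constructed.
import re

ACL_700 = """\
access-list 700 permit 0090.7a00.0000 0000.00ff.ffff
access-list 700 permit 000c.e600.0000 0000.00ff.ffff
"""

def mac_to_int(mac: str) -> int:
    """Accept 0090.7a12.3456, 00:90:7a:12:34:56 or 00-90-7A-12-34-56."""
    digits = re.sub(r"[.:\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

def parse_acl(text: str):
    """Return [(action, address, wildcard)] in configured order."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "access-list":
            _, _, action, addr, wildcard = parts
            entries.append((action, mac_to_int(addr), mac_to_int(wildcard)))
    return entries

def evaluate(entries, mac: str) -> str:
    """First match wins; a wildcard bit set to 1 means 'ignore this bit'."""
    value = mac_to_int(mac)
    for action, addr, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFFFFFF
        if (value & care) == (addr & care):
            return action
    return "deny"  # implicit deny that ends every ACL

def audit(entries, macs):
    """Map each client MAC to the ACL verdict it would receive."""
    return {mac: evaluate(entries, mac) for mac in macs}

SAMPLE_MACS = [            # constructed sample clients
    "00:90:7a:01:02:03",   # first allowed prefix
    "000c.e6aa.bbcc",      # second allowed prefix
    "00-1B-77-12-34-56",   # unrelated prefix
    "00:90:7b:01:02:03",   # one bit off the first prefix
]

if __name__ == "__main__":
    for mac, verdict in audit(parse_acl(ACL_700), SAMPLE_MACS).items():
        print(f"{mac:20} {verdict}")
```
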

New Member

Re: Restricting Types of devices on a Wireless SSID

The AP's are from Meru 000c.e6 and the Phones are Spectralink 0090.7a. Could I just apply the ACL to the port that the wireless controller connects to block any L2 traffic coming out of the controller?

Thanks..

New Member

Re: Restricting Types of devices on a Wireless SSID

Depends on the switch and its capabilities. If it is a Cisco switch, you could try using 'mac access-list extended ' and apply a 'mac access-group ...' to the port.

New Member

Re: Restricting Types of devices on a Wireless SSID

The switch is a Cisco 4507. The port is a trunk port though. Can I apply the access list to an individual VLAN on that trunk port? If not, can I apply the access list to the router interface of the VLAN that I want to filter the MACs on?

Thanks for the assistance.
