We have a mix of 1231 and 1242 access points in an LWAPP environment. They are connected to WiSM controllers in our 6509's and are managed by a central WLC. Everything is running version 7.0.230. My question is can I apply MAC address filtering on a select group of AP's to restrict access to a specific SSID broadcast on these AP's without affecting other AP's also connected to the same WiSM? Thanks!
The MAC filtering is L2 security feature and is applied on a "per WLAN" basis. So, if you create a MAC filter list to be used by a WLAN; only clients trying to connect to "that" WLAN, regardless of AP/Radio, will hit the MAC filter list.
It almost sounds like you have a single WLAN, and you're asking can I make Group A APs have MAC filter, yet for the same WLAN, you want Group B APs to "not" have a MAC filter? If that's what you're asking, I'm not sure why you would want to do that, and I don't think you can accomodate that via the WLC.
If you simply want to MAC Filter clients on a particular WLAN, then enable the MAC filter on your L2 security for the WLAN, and then add the cilents to the list MAC filter list in the SECURITY section of your WLC.
If you want this "WLAN" to only be present on a group of APs, whereby MAC filtering will take place, then I would suggest using AP groups to specify which APs you want this WLAN to operate on.
I'm very green when it comes to this (but I'm learining!) but I think creating an AP group is the way to go. This particular WLAN serves up "guest" internet access and is applied to over 100 AP's connected to the WLC. I want to filter MAC's on 5 of those 100 AP's as they service a particular remote site and we only want a select group of client devcies to have access. So I can group those 5 AP's then apply the filtering to that group only?
You would need to create a separate WLAN for those particular APs. Because you want the "same" WLAN in all of these APs, but 5 APs in particular to MAC Filter, this wouldn't be an option via the WLC as the MAC filter option is a per-"WLAN" config, not a per-"AP" config.
You could have your 2 guest networks spread across your 100 APs as so.
1. Group A - contains 95 APs - Guest WLAN A, no MAC Filter
2. Group B - contains 5 APs - Guest WLAN B, with MAC Filter
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...