cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8162
Views
0
Helpful
7
Replies

Cisco 3850 WLC mac-filtering

antony_pan
Level 1
Level 1

Hi:

Cisco 3850 in WLC how to config mac-filtering

thanks

1 Accepted Solution

Accepted Solutions

username 14109fd7ee6b mac aaa attribute list test01

username b8782ebf55e6 mac aaa attribute list test01


wlan 3850-01 1 3850-01

client vlan 200

mac-filtering test01

no security wpa akm dot1x

security wpa akm psk set-key ascii 0 cisco123

no shutdown

View solution in original post

7 Replies 7

Scott Fella
Hall of Fame
Hall of Fame

You would do it the same as if it was any other switch.

http://www.cisco.com/en/US/docs/ios-xml/ios/san/configuration/xe-3se/3850/san-local-ldap.html#reference_E255E8E7540F4D77A79C8D5946D78EA0

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Hi:

no radius server can do this?

becase we no have radius server

thanks

You can do it with a radius server or not...

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Hi:

i follow the example

Example: Configuring MAC Filtering Support

The following example shows a configuration for MAC filtering:

username 00-22-WP-EC-23-3C mac aaa attribute list AAA_list1
!
aaa group server radius RAD_GROUP1
 subscriber mac-filtering security-mode mac
 mac-delimiter hyphen

but have some promble

Cat3850(config)#username 00-22-WP-EC-23-3C mac aaa attribute list AAA_list1

% invalid MAC address entered

can give no radius sever example

thanks

Ravi Singh
Level 7
Level 7

When you create a MAC address filter on WLCs, users are granted or       denied access to the WLAN network based on the MAC address of the client they       use.

There are two types of MAC authentication that are supported on       WLCs:

  • Local MAC authentication

  • MAC authentication using a RADIUS           server

With local MAC authentication, user MAC addresses are stored in a       database on the WLC. When a user tries to access the WLAN that is configured       for MAC filtering, the client MAC address is validated against the local       database on the WLC, and the client is granted access to the WLAN if the       authentication is successful.

By default, the WLC local database supports up to 512 user entries.

The local user database is limited to a maximum of 2048 entries. The       local database stores entries for these items:

  • Local management users, which includes lobby           ambassadors

  • Local network users, which includes guest users

  • MAC filter entries

  • Exclusion list entries

  • Access point authorization list           entries

Together, all of these types of users cannot exceed the configured       database size.

To Know how to configure Mac filtering please go to the below link.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008084f13b.shtml

username 14109fd7ee6b mac aaa attribute list test01

username b8782ebf55e6 mac aaa attribute list test01


wlan 3850-01 1 3850-01

client vlan 200

mac-filtering test01

no security wpa akm dot1x

security wpa akm psk set-key ascii 0 cisco123

no shutdown

guomizha
Cisco Employee
Cisco Employee

There have a command missing:

aaa authorization network test01 local

https://supportforums.cisco.com/discussion/11893526/3850-wlc-mac-filter-doesnt-work#4037522

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: