Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco 3850 WLC mac-filtering

Hi:

Cisco 3850 in WLC how to config mac-filtering

thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Cisco 3850 WLC mac-filtering

username 14109fd7ee6b mac aaa attribute list test01

username b8782ebf55e6 mac aaa attribute list test01


wlan 3850-01 1 3850-01

client vlan 200

mac-filtering test01

no security wpa akm dot1x

security wpa akm psk set-key ascii 0 cisco123

no shutdown

7 REPLIES
Hall of Fame Super Silver

Re: Cisco 3850 WLC mac-filtering

You would do it the same as if it was any other switch.

http://www.cisco.com/en/US/docs/ios-xml/ios/san/configuration/xe-3se/3850/san-local-ldap.html#reference_E255E8E7540F4D77A79C8D5946D78EA0

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: Cisco 3850 WLC mac-filtering

Hi:

no radius server can do this?

becase we no have radius server

thanks

Hall of Fame Super Silver

Cisco 3850 WLC mac-filtering

You can do it with a radius server or not...

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
New Member

Cisco 3850 WLC mac-filtering

Hi:

i follow the example

Example: Configuring MAC Filtering Support

The following example shows a configuration for MAC filtering:

username 00-22-WP-EC-23-3C mac aaa attribute list AAA_list1
!
aaa group server radius RAD_GROUP1
 subscriber mac-filtering security-mode mac
 mac-delimiter hyphen

but have some promble

Cat3850(config)#username 00-22-WP-EC-23-3C mac aaa attribute list AAA_list1

% invalid MAC address entered

can give no radius sever example

thanks

Cisco Employee

Cisco 3850 WLC mac-filtering

When you create a MAC address filter on WLCs, users are granted or       denied access to the WLAN network based on the MAC address of the client they       use.

There are two types of MAC authentication that are supported on       WLCs:

  • Local MAC authentication

  • MAC authentication using a RADIUS           server

With local MAC authentication, user MAC addresses are stored in a       database on the WLC. When a user tries to access the WLAN that is configured       for MAC filtering, the client MAC address is validated against the local       database on the WLC, and the client is granted access to the WLAN if the       authentication is successful.

By default, the WLC local database supports up to 512 user entries.

The local user database is limited to a maximum of 2048 entries. The       local database stores entries for these items:

  • Local management users, which includes lobby           ambassadors

  • Local network users, which includes guest users

  • MAC filter entries

  • Exclusion list entries

  • Access point authorization list           entries

Together, all of these types of users cannot exceed the configured       database size.

To Know how to configure Mac filtering please go to the below link.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008084f13b.shtml

Cisco Employee

Cisco 3850 WLC mac-filtering

username 14109fd7ee6b mac aaa attribute list test01

username b8782ebf55e6 mac aaa attribute list test01


wlan 3850-01 1 3850-01

client vlan 200

mac-filtering test01

no security wpa akm dot1x

security wpa akm psk set-key ascii 0 cisco123

no shutdown

Cisco Employee

There have a command missing:

There have a command missing:

aaa authorization network test01 local

https://supportforums.cisco.com/discussion/11893526/3850-wlc-mac-filter-doesnt-work#4037522

4679
Views
0
Helpful
7
Replies
CreatePlease to create content