I have a WLC version 188.8.131.52 and 10 LAP registered in mode local. All of them are showing 4 SSID's. I need to work using to one SSID security in layer 2 with wpa psk +mac filter.
I already configure all the mac address in the interface of users (Different to Interface Management) and I enable the security mac filter in the wlan of users, but when one users of this wlan try to authenticate, the process by pass the mac filter and the user can authenticate without problems to the wlan.
When i look the context of the configuration i see the mac, ip adress description and the interface of users correctly. Morever in the wlan is mark with a check to enable the security mac.
I write on the wlc debug client (mac of client) and i can see his process of authentication pass without any problems.
Could you give me an advice to resolv this trouble.
Reading more closely, I think maybe the controller is behaving normally.
You say that you add the client to the MAC filtering list and you turn on MAC filtering for your WLAN. Then you say the client is allowed to authenticate. Am I getting that correctly? If so, that is what MAC filtering does--it allows all MAC addresses in the MAC filtering list to authenticate, i.e., the MAC filtering list is an allow list.
If you want to reject specific clients, then you need to put their MAC address in the Disabled Clients list (Security tab).
Does this help, or is it possible that I am still misunderstanding your issue?
Ok, that makes sense. So yes, as far as I know, the logs are not super helpful when it comes to MAC filtering pass/fail, but you will find generic messages related to MAC filter events. Filtering for MAC is a layer 2 association-level event, so if a client does not pass, you will see an SNMP log message like:
Sun Mar 18 20:23:52 2012 Client Association Failure: MACAddress: Base Radio MAC: Slot: 0 User Name:unknown IP Addr: unknown Reason:Unspecified ReasonCode: 1
If they pass, then you will see:
Sun Mar 18 20:29:05 2012 Client Association: Client MAC: Base Radio MAC : Slot: 0 User Name:unknown IP Addr: unknown
If you are not seeing these messages, make sure you have SNMP trap controls turned on for Client association and association failure events:
I have done some more testing today and I am not running into the issues that you are seeing. In my setup, named clients can associate and unlisted clients are failing to associate. At this point I would recommend that you try upgrading your code to 184.108.40.206 or higher. My testing was done on 220.127.116.11.
We are moving! Please use WLCCA Forum for updates and discussions
[toc:faq] Wireless LAN Controller (WLC) Config Analyzer Download Click
here to Download To request access, send an e-mail to
email@example.com. Please include your Cisco.com userna...
[toc:faq] IntroductionHere is the step by step process that we have to
take care of while converting LWAPP to IOS and then vice versa..LWAPP to
IOSThe hardware used = 1141 AP (make sure we are using the right
[toc:faq] Introduction AnyConnect Secure Mobility Client 3.0: Network
Access Manager & Profile Editor on Windows Summary Use the Cisco
AnyConnect Network Access Manager Profile Editor to build custom
profiles for the AnyConnect Secure Mobility Client. App...