Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Mac-Filtering with FlexConnect

I have AP's in Flexconnect Mode doing local switching, central auth.  For a particular WLAN, we are using mac-filtering.  When creating the local mac filter, should we select none under interface name where you would normally map the interface for the mac-address entry since the clients are local switched? Or does this matter?

8 REPLIES
Hall of Fame Super Silver

Mac-Filtering with FlexConnect

Mac-filtering isn't supported on FlexConnect local switching, only on central switching and local mode AP's.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

Mac-Filtering with FlexConnect

Here is a link:

http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112042-technote-product-00.html#anc7

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
New Member

Re: Mac-Filtering with FlexConnect

Thanks Scott. Please correct me if I'm wrong, but according to that doc Mac filtering is supported with flexconnect local switching, not local auth. Am I reading this incorrectly?

Sent from Cisco Technical Support iPhone App

Hall of Fame Super Silver

Mac-Filtering with FlexConnect

Yes that is correct.... so keep that in mind if the ap's goes into stand alone.  Mac-filtering is done the same way as local mode AP's.... you enter the mac address and the choose the wlan... interface doesn't matter for flexconnect.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

Mac-Filtering with FlexConnect

What is the purpose you want to use mac-filtering?

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
New Member

Re: Mac-Filtering with FlexConnect

It has to do with these particular clients and the lack of supporting 802.1X.  I understand mac-filtering is not very secure.

Although it appears to be working, I had my doubts because the clients were just showing 0.0.0.0 for ip address.  We have the "learn client IP address checked" under the wlan, but I cannot see the IP address.

Hall of Fame Super Silver

Mac-Filtering with FlexConnect

Yeah.... there are limitations to what the WLC has visibility to.... only when traffic comes back to the WLC, will the WLC have that information.  Take a look at the client statistics from the monitor tab and compare that to a client that is connected to a local mode AP or an ssid that is centrally switched.  As long as you only see the clients you allow on the WLAN, then your good.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
New Member

I'm also having trouible

I'm also having trouible applying MAC Filtering to a locally switched/centrally authourised WLAN

We are using WPA2 with dot1x AKM. It works fine until I enable MAC Filtering

In the MAC Filter I have tried using None/management/<Dynamic Interface> and none of these work

 

Is there a chance the AP is using local auth even though it can see the WLCs?

499
Views
0
Helpful
8
Replies
CreatePlease login to create content