Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Restricting client association by MAC address

I have a problem whereby a particular wireless client is choosing to associate with the root bridge rather than with a nearer non-root AP which has a much stronger signal. As a result, the client is experiencing dropouts due to the poor signal to the root.

This is apparently a problem with the specific client (which is integrated into a vehicle telemetry system) and the vendor is entirely unhelpful with the issue.

Is there a way to block client association by MAC address (or some other means) on a 350 bridge? I need to do this to prevent the dodgy client from associating with the root bridge.

The approximate topology is:

[client] ~~~)-1400AP--[wired]--1400nonroot-(~~~~)-350root--wired network

Clients should be associating with the 1400AP when the signal to that AP is stronger - and the majority of clients are doing this.

A simple MAC address filter list won't do the trick as this will also stop traffic from the client if it's associated to a downstream AP. All comments appreciated.


Re: Restricting client association by MAC address

In your network setup, I can see no wireless clients are needed to be associated to the 350 bridge and all wireless clients needs to be associated to the 1400AP. If this is correct, why dont you modify the role of 350 bridge?.

I meant why dont you modify the root bridge with client association role of 350 bridge to non-client asspciation role?. I think this is possible in 350 bridge. You can configure your 350 bridge in "Bridge-only" mode which will not allow any clients to associate to it.

For this, the 350 bridge should be in non-root bridge mode.

New Member

Re: Restricting client association by MAC address

Thanks for the response.

Unfortunately I don't think I can change the role of the 350 because it needs to be the root - it is in a high location, on the wired network and number of other bridges need to associate with it.

A root without client association mode would be ideal, but this doesn't exist. Actually, what would be ideal would be for the client card vendor to fix their hardware/drivers, but it seems that isn't going to happen.

CreatePlease login to create content