Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

[Ask] How to restriction number of mac address per client on WLC !!!!!!

Dear all,

First, thank for read my topic, now i have a small trouble with WLC.

My company have 12 APs & Cisco 5508 WLC, all things work well.

We already setup a WLAN for user can connect to internet (using local net users account), but they using their mobile phones, notebook to share internet connection with others peoples, we don't want that, we want only that user can use internet, and their mobile phone, notebook can't become a portable wifi hotspot (we see them on Rogue APs)

I known that we can use MAC address filter, but we must use local net users for some reason,

Do you have any idea, any solution for this case ?

Thank you.

  • Security and Network Management
6 REPLIES
VIP Purple

[Ask] How to restriction number of mac address per client on WLC

HI Nquyen,

I dont this will help or not .

You can check this box for Max Concurrent Logins for a user name:

Security > AAA > User Login Policies  and put 1 in this box and then Apply.

Here is the screenshot:

1.png

Hope it helps.

Regards

Dont forget to rate helpful posts

Re: [Ask] How to restriction number of mac address per client on

Make sure Max Concurrent Logins for a username is set to 0 for unlimited.  You can set this with a value from 1-8.

        wlc.jpg

New Member

Re: [Ask] How to restriction number of mac address per client on

Hi nkumarsr  & sandeepchoudhary21

I known that checkbox, i already set it to 1 to prevent user share their WLAN account,

the problem is, they using their account to make their mobile phone or notebook become a portable hot spot (share internet with other users)

some cisco switches have mac address limitation on one port, but i'm not sure WLC have same function,

anyway, thank both of you !

VIP Purple

Re: [Ask] How to restriction number of mac address per client on

HI Nguyen,

There is no otherway to stop from WLC.

Reagrds

Hall of Fame Super Silver

[Ask] How to restriction number of mac address per client on WLC

Sandeep is right here.... many of those phones and even software for PC's will NAT and thus the wireless system only sees one mac address.  Have HR send out a notification to users that sharing connection to internal resources will not be tolerated, then see if this stops or not.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

Thanks, Scott *****Help out other by using the rating system and marking answered questions as "Answered"*****
Hall of Fame Super Gold

[Ask] How to restriction number of mac address per client on WLC

The solution cannot be fixed with Wireless.

This solution can only be fixed using AD.

I remembered in a place where I used to work that they can control the aspect of how your computer behaves using AD to the extent you cannot use the USB ports.  You'll need special permission and fill out a 12-page document to get this lifted.

With AD, you can prevent a laptop for using both Wireless and wired simultaneously.

You also have to consider using a proxy server so you'll be able to track down users.

290
Views
5
Helpful
6
Replies
This widget could not be displayed.