Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Automated method to drop a MAC from wireless controller

Is there a way to write a script to automatically terminate a MAC address on a wireless controller (running software version 7.0.235.0) from being able to use wireless?  We are trying to utilize an internal system that would trigger a script to terminate a problamatic client from using the wireless in an automated way.  The conceptial thinking would be to use somekind of CLI command in the wireless controller to accomplish this.  Any help or suggestions are appreciated.

4 REPLIES

Automated method to drop a MAC from wireless controller

you could either do a :

config client deauthenticate < cleint mac address> but this will just punt them from the WLC.

or

config exclusionlist add < mac address> < desciption of why excluded>

This will persist until you go in and remove the exclusion

HTH,
Steve

-----------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Automated method to drop a MAC from wireless controller

Thank You Steve.

I do think the "exclusionlist" command is the way to go.  And yes, we are looking for a persistant exclusion until the client fixes their machine.

Cisco Employee

Automated method to drop a MAC from wireless controller

what kind of client issues are you targetting.

#Client exclusion timer can be adjusted per wlan from its advaced tab for mentioned exclusion policies to blacklist the violated clients automatically.

#WLC has built in wIDS to detect basic attacks, however it won't blacklist those attacking(or non configured) clients automatically.

New Member

Automated method to drop a MAC from wireless controller

Thank you Saravanan.

Some Backround:

The client issues are not really something that wIDS would catch.  The issues are internal company policy related and we are using a type of IDS method to trigger a script to basically shun the client from getting onto the network.  Now, there is a desire to include all wireless users regardless of authentication type.  However, the desire is for the scripts to automatically be implemented by logging into the WLC via CLI session to insert the command.  This script can happen at any time of the day or night.

527
Views
10
Helpful
4
Replies