Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Block client MAC on VLAN


I have a WLC 4402 configured with two VLANs (Company and GuestNet).

Now I need to block a client on the GuestNet VLAN only using its MAC address.

The access to the company WLAN should still be permitted.

What is the easiest way to configure this?

Thanks in advance!

Best regards,


Cisco Employee

Re: Block client MAC on VLAN

Not sure you can do this on the WLC as far as I know its only IP ACLs. Only ever used mac filters to authenticate not deny access.

However you caould apply a MAC ACL on the switch, or if its an internal client inform him of the security policies and tell him to stop being naughty!

Hall of Fame Super Silver

Re: Block client MAC on VLAN

Agreed... you can create an ACL to block a MAC on the switch level, but not on the WLC.  I'm guessing you are doing either open access to the guest or web pass-through.  Using these type of guest access can't prevent any other users to access your guest net.  Maybe you should look at doing Web-Auth, unless you are doing this now and you have one person who has access.... but then again, you can always change the username/password.

*** Please rate helpful posts ***
CreatePlease to create content