10-12-2005 11:55 PM - edited 07-04-2021 11:13 AM
I want to block client MAC addresses at the central 6500, where the WLSM is located. Is there any solution like "dot11 association mac-list" at the accesspoints? I tried an "access-expression" on the tunnelinterface, but it did not work. Any suggestions?
10-19-2005 12:40 PM
Here is an example of config
switch(config)# mac access-list extended ARP_Packet
Switch(config-ext-nacl)# permit host 0000.861f.3745 host 0006.5bd8.8c2f 0x806 0x0
Switch(config-ext-nacl)# end
Issue the vlan access-map map_ name command and the action drop command, which is the action to perform.
The vlan access-map map_ name command uses the MAC access list that you created to block ARP traffic from the hosts.
Switch(config)# vlan access-map block_arp 10
Switch (config-access-map)# action drop
Switch (config-access-map)# match mac address ARP-Packet
Add an additional line to the same VLAN access map to forward the rest of the traffic.
Switch(config)# vlan access-map block_arp 20
Switch (config-access-map)# action forward
Choose a VLAN access map and apply it to a VLAN interface.
Issue the VLAN filter vlan_access_map_name vlan-list vlan_number command.
Switch(config)# vlan filter block_arp vlan-list 2
10-20-2005 06:23 AM
My problem is, there is no Vlan interface. I just have the tunnel interfaces for layer 3 roaming.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: