Blocking Client MAC Addresses at Sup720/WLSM?

Tobias Heisele · ‎10-12-2005

I want to block client MAC addresses at the central 6500, where the WLSM is located. Is there any solution like "dot11 association mac-list" at the accesspoints? I tried an "access-expression" on the tunnelinterface, but it did not work. Any suggestions?

Report Inappropriate Content · ‎10-19-2005

Here is an example of config

switch(config)# mac access-list extended ARP_Packet

Switch(config-ext-nacl)# permit host 0000.861f.3745 host 0006.5bd8.8c2f 0x806 0x0

Switch(config-ext-nacl)# end

Issue the vlan access-map map_ name command and the action drop command, which is the action to perform.

The vlan access-map map_ name command uses the MAC access list that you created to block ARP traffic from the hosts.

Switch(config)# vlan access-map block_arp 10

Switch (config-access-map)# action drop

Switch (config-access-map)# match mac address ARP-Packet

Add an additional line to the same VLAN access map to forward the rest of the traffic.

Switch(config)# vlan access-map block_arp 20

Switch (config-access-map)# action forward

Choose a VLAN access map and apply it to a VLAN interface.

Issue the VLAN filter vlan_access_map_name vlan-list vlan_number command.

Switch(config)# vlan filter block_arp vlan-list 2

Tobias Heisele · ‎10-20-2005

My problem is, there is no Vlan interface. I just have the tunnel interfaces for layer 3 roaming.