Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Blocking of complete Vendor MAC Address

Hi All,

is it possible to Block or Disable a complete Vendor MAC - like  Apple 7c:6d:62:x:x:x - with using Wildcards on a Wireless LAN Controller? Background is, that the Customers IT-Department is only allowing the use of one Vendor, so every MAC Address of another Vendor is rogue. If Blocking is not possible on WLC, can i do this on ACS?

Thx in adv, Michael

3 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: Blocking of complete Vendor MAC Address

Hi,

Unfortunately there is no option of using  wildcard mask on WLC for mac filtering. We need to configure complete  individual MAC addresses which needs to be allowed (rest of it would be  blocked).

More information :  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008084f13b.shtml

Regards,

Madhuri

Cisco Employee

Re: Blocking of complete Vendor MAC Address

This can be done using the Autonomous APs but not with LWAPP and WLC.. even on the ACS we provide the MAC address.. we dont use the mask.. however the IOS APs we specify the mask..

Regards

Surendra

Cisco Employee

Re: Blocking of complete Vendor MAC Address

Hi

if you create a NAR entry on ACS, you can use callerID information (DNIS) which will have the mac address.

then on ACS, it will support wildcards for all or part of each of the attributes:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/c.html#wp697209

so, it should be posible to be done on WLC, if you move the validation into ACS itself.

Regards

3 REPLIES
Cisco Employee

Re: Blocking of complete Vendor MAC Address

Hi,

Unfortunately there is no option of using  wildcard mask on WLC for mac filtering. We need to configure complete  individual MAC addresses which needs to be allowed (rest of it would be  blocked).

More information :  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008084f13b.shtml

Regards,

Madhuri

Cisco Employee

Re: Blocking of complete Vendor MAC Address

This can be done using the Autonomous APs but not with LWAPP and WLC.. even on the ACS we provide the MAC address.. we dont use the mask.. however the IOS APs we specify the mask..

Regards

Surendra

Cisco Employee

Re: Blocking of complete Vendor MAC Address

Hi

if you create a NAR entry on ACS, you can use callerID information (DNIS) which will have the mac address.

then on ACS, it will support wildcards for all or part of each of the attributes:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/c.html#wp697209

so, it should be posible to be done on WLC, if you move the validation into ACS itself.

Regards

1683
Views
0
Helpful
3
Replies