Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

How can i create MAC base ACL in cisco router 2800 &1800

How can i create MAC base ACL in cisco router 2800 &1800

hi,

I want to create mac base ACl for all  users and laptop . So that I can restrict unauthorized user or laptop. MY current scenario is like :---

wireless user/Laptop ------> Access point------->Poe switch (L2)-------> WLC (wireless LAN controller )-------->Radius server ------------>AD------------> LAN

In above scenario unauthorized user can access Internet or can get some access through static IP. So i am planning to implement following because i have Cisco 2800 and Cisco 1800 router  and also due lack of budget.

wireless user/Laptop ------> Access point------->PoE switch (L2)------->Cisco router (with MAC base ACL)--------> WLC-------->Radius server ------------>AD------------> LAN

Please suggest me to resolve this issue.

Thanks & Regards,

Sujeet

1 REPLY
Cisco Employee

Re: How can i create MAC base ACL in cisco router 2800 &1800

Hi Sujeet,

LAP is building data tunnel using CAPWAP (old LWAPP) towards WLC. WLC than will forward the client traffic accordingly on the dynamic interface of WLC (vlan) - hence router between LAP and WLC only sees CAPWAP(LWAPP) traffic.

I assume as per your request you like restrict based on MAC address the access to your network for wireless users.


WLC has a Layer 2 security feature for MAC address filter.

WLC GUI > WLAN > WLAN ID edit> Security > Layer 2 > checkbox : Mac Filter

http://www.cisco.com/en/US/partner/products/ps6366/products_tech_note09186a0080987b7c.shtml

Layer 2 Security Mechanism

MAC Filtering

Select to filter clients by MAC address. Locally configure                     clients by MAC address in the MAC Filters > New page. Otherwise, configure                     the clients on a RADIUS server.

Maybe you can use on WLC the MAC filter feature instead.

Note: MAC filter is not realy secure since MAC address can be spoofed easaly.

Best regards

Roger

1323
Views
5
Helpful
1
Replies
CreatePlease to create content