Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

MAC-Adress Filtering vs. Access - Lists

We are using two WLC 4400 Series Controller for our Guest WLAN. They are installed the way Cisco Recommends . One in our LAN and one in the DMZ.

I am looking for a possibility to deny company users the access to this WLAN with their notebooks. The WLAN has direkt internet access and we don't want our notebooks to be compromised...

With MAC-Adress Filterring I can only permit access to a specific Wlan or is there a way to negogiate such a filter to use it for a denial?

Is there a possibility to use access lists for the denial of specific Mac-Adresses to a specific WLAN ?

Anyone an other good Idea how to solve this issue?

Hall of Fame Super Silver

Re: MAC-Adress Filtering vs. Access - Lists

Well... MAC-address filter would work, but if you have alot to input, it can be a headache. ACL's I don't think will work, because users will get an ip from the guest network and then how can you know who has what address. Create a username password webauth page. The credentials can be changed each day or week depending.... and give this out to guest users to access the guest network. Now internal user can't access this unless the username password slips out. If you really want to make it tough, use GPO and push out the wireless policy and lock out the feature to add a wireless network.

*** Please rate helpful posts ***
New Member

Re: MAC-Adress Filtering vs. Access - Lists

But to use the MAC-adress filter isn't it only a positve list, so everybody inside the list ist allowed access?

I would need it to use the MAC filter negative, so everybody ist the list is denied the access.

The solution by a webauth page is in use in the moment. But our users are not that sensible with password information. That is the reason why i am looking for a strikt technical solution

Hall of Fame Super Silver

Re: MAC-Adress Filtering vs. Access - Lists

Correct it is a positive list and there is not way you can have a negative list. The only way is to push a GPO to configure the wireless profile.

*** Please rate helpful posts ***