Hello, looking for a bit of help on what I consider a simple request only I cant seem to make the AP do what I want. Have a AP-1231, set it up so that I have 3 SSIDs broadcasting nicely and all I wanted to do is utilise the local MAC list so that If your Mac is not listed you cannot use any of the SSIDS. This works with a single SSID as I have done it, but all that happens when I pick a ssid to authenticate with MAC & then put a nominal MAC address in the list is that the WPA key I was using gets removed and it locks up the SSID, not to mention the HTTP managment page hangs. Is there an easy way of doing this? A bit annoyed now as I have spent a whole day on this problem and not really got anywhere. Not much posted on using local MAC for multiple SSID's on the NET, quite suprised really. Anyway any help would be awesome!!!
Thank you for your reply Bill, However I dont see why using WPA TKIP encryption prevents you from having a ACL in effect of which MAC addresses are allowed to authenticate, This is a basic feature on most domestic ADSL Wireless routers, I have previously done this with a Single SSID and WEP using an AP1200?? I just assumed that because domestic wireless ADSL routers can have WPA encryption with the added benefit of a list of authorised MAC users that the AP would also be able to do the same. So am I stuck then? I am not sure that MAC address authentication is solely what I want to do, I dont really understand how using WPA-PSK has anything to do with an additional list of which MAC addresses can use the service? - thank you for the link anyway...still a bit miffed though....
Probably because a MAC ACL on a wireless network is not secure, for the following reason most Wireless adapters have the abbilty to have a localy mannaged MAC address. The result is all a hacker has to do is sniff your wireless system to learn a MAC address type it into his adapter and he is on your system, so all your work maintaining the ACL was bypassed in about a minute by the hacker. The ACL is still valid fot wired networks because with switches it is difficult to learn MAC addresses without being connected to your wire.
The Curret Best practice is to use some version of WPA with a Strong Passphrase/Password for a secure wireless network.
If you need additional security beyond the AP the use of VLANS and ACL's on the switches and routers is a very popular practice.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...
I have created a Powershell script to automatically add a Wireless Guest
User on Cisco WLCs. (tested on 2500 Series) The script should be
completely self explanatory. Prerequisites: Powershell SNMP Module
(Install-Module -Name SNMP) SNMP Write Access to y...