Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Restricting Wireless Access

Hello All,



I need to figure out a way to restrict access to an SSID for hand held scanner guns.  We are using certificates and AD accounts for the other SSIDs but this one is only used by hand held scanner guns.  I was thinking about a MAC address filter but have been told that those are easily hacked.   Any ideas?


Thanks in advance.  All replies rated.

New Member

I'm struggling with this too.

I'm struggling with this too.  Some Motorola/Symbol scanners have some 802.1x supplicant built in to the OS if OS is WinCE type.  These may be able to do EAP-TLS with a cert, or PEAP MS-CHAPv2 username/password.

Other older ones can only do WEP.

For WEP guns at WAN sites, I'm considering a separate, centrally switched WLAN with ACLs on the router to restrict where clients can go.  All clients will land on the same subnet and all traffic will have to come back to the data center where the WLC and inventory DB is.

PSK is usually an option, but any device with the key will have access.

Hall of Fame Super Gold

You can create a wireless

You can create a wireless local profile if your WLC firmware supports it.


well the only other option

well the only other option can be mac based authentication where AD based in not support and you can restrict that access using acls .


Hi,By creating a local


By creating a local wireless profile you can restrict access to an SSID for hand held scanner guns. 

New Member

Please elaborate on "local

Please elaborate on "local wireless profile."  Will it work at H-REAP (flexconnect) sites where there is no local WLC?