Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

WLC - How to block a single client MAC address?

Hi Sir,

On a WLC (software version, how to block a single client MAC address?

I thought of using the SECURITY -> Disabled Clients. Is it right?

There are currently 250 users connected to the WLC. MAC Filtering is not a scalable solution because as I understand it, we have to specify all the legitimate MAC addresses in the local database.

Thank you.


Lim TS

Hall of Fame Super Red

Re: WLC - How to block a single client MAC address?

Hi Lim,

As you have discovered, the Mac filtering on the WLC is an Allow (based on Mac address) rather than what you need which is a Deny (based on Mac address). I have not tried this feature but I think you are on the right track in using the Exclusion List (Blacklist) feature. Have a look;

Use SECURITY > AAA > Disabled Client then click New or MONITOR > Clients then click Disable to navigate to this page.

This page allows you to manually Exclusion List (blacklist) a client by MAC address.

Add the MAC Address and an optional Client Description for the client to be disabled.


Note When you enter a client MAC address to be disabled, the Operating System checks that the MAC address is not one of the known Local Net clients ( Local Net Users), Authorized clients ( MAC Filtering), or Local Management users ( Local Management Users) MAC addresses. If the entered MAC address is on one of these three lists, the Operating System does not allow the MAC address to be manually disabled.

Hope this helps! Let us know.


New Member

Ok, it's working. I forgot

Ok, it's working. I forgot that disabling doesn't mean that the client will not keep attacking us.... Is there a way to acknowledge certain clients so we won't be notified when he attacks us? 
So after we disabled the client, we shouln't get any attack-messages regarding this client..

New Member

Hi, I've added the client MAC

Hi, I've added the client MAC address to the disabled clients list, but I still get notifications that the client is sending out a lot of deauth messages.. Looks like the disabled clients list is not working.. Did it work for you?

Hi,Go through below link for


Go through below link for complete detail and configuration of MAC address filtering  on WLC.

CreatePlease to create content