i have a cisco 871w with two ssids configured. one for my private network, and one for the guest network. is there a way i can keep wireless clients from associating with the ssid for the private network? if your mac isn't specified in one of the ACLS, i don't want the client to have the ability to associate. i have tried:
bridge-group 1 input-access-list <mac address acl number> and it seems that the clients can stil associate with the private network. they may not be able to get anywhere, but i don't want them to even associate with it.
Cos of the way 802.11 is designed, there is no way to use MAC filtering the way we could in an ethernet network.
What you could try is to disable SSID broadcasting on the router, that way, the accesspoint / router would stop sending out broadcasts and only clients who knew the ssid and wep keys would be able to associate with the network.
Please note that for any person with a compliant card and software like airodump, it would still be possible to "listen" in to the ssid using the software and associate with the AP if he knows what the WPA / WEP keys are. Later, he could spoof his mac address using software like smac and logon to your wireless networs as the frames are most likely not encrypted
Disabling SSID broadcast however, would deter the casual user from associating as the network would not show up in a normal winxp based scan for wireless networks.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...