Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
153
Views
3
Helpful
5
Replies

Is there a way to MAC filter at the AP level

Go to solution
bpierson
Level 1
Level 1

‎04-30-2024 06:56 AM

I have a customer that wants have Non 802.1x aware devices to log a SSID with PSK but have the devices filtered by MAC. The remote site is on FlexConnect. They would like to lock down the SSID because a PSK gets shared around too quickly and the WAN link bandwidth is exhausted. They want to make sure they can get any needed device back online while the link is down. They have 9800 WLCs and C9130s. Thanks for any pointers to documentation or process.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to bpierson

‎04-30-2024 08:49 AM

The solution you looking may not be possible if the AP join WLC - WLC do the all task.

May be you should have local WLC or AP act as WLC for the remote sites to manage locally.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

5 Replies 5

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎04-30-2024 07:48 AM

You can have MAC ACL on cat 9800  (check below guide can help and understand is this works for you?)

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213922-configure-mac-authentication-ssid-on-cis.html

They want to make sure they can get any needed device back online while the link is down.

not sure we understand this correctly can you explain more on this context.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
bpierson
Level 1
Level 1
In response to balaji.bandi

‎04-30-2024 07:56 AM

The customer does not want to go to the controller for the mac filtering. They want to know if there is a way to have the AP do all of the security if the controller connection is down, PSK with MAC filtering. They realize the MACs would be need on the individual APs.

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to bpierson

‎04-30-2024 08:49 AM

The solution you looking may not be possible if the AP join WLC - WLC do the all task.

May be you should have local WLC or AP act as WLC for the remote sites to manage locally.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
bpierson
Level 1
Level 1
In response to balaji.bandi

‎04-30-2024 11:50 AM

Thanks for that, they are afraid of too much delay to their Azure based controller or down links.

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to bpierson

‎04-30-2024 10:53 PM

You can have bandwidth limit per client or per service based on the perimeter of Site.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card