Blocking a MAC address with WCS
I recently deployed a 4404 with WCS and want to block a MAC address from connecting to our wireless because of Deauth floods. We have around 40 APs. I am thinking it should be done through a template, but not sure. Can anyone lead me to right document that explains the process of blocking specific MAC addresses?
thanks,
Jonathan
Hi Jonathan,
Have you see this doc;
Configuring a MAC Filter Template
Cisco Wireless Control System Configuration Guide, Release 4.0
http://www.cisco.com/en/US/products/ps6305/products_configuration_guide_chapter09186a00806b7273.html#wp1068145
Hope this helps!
Rob
Please remember to rate helpful posts.....
Similar Messages
-
Block cloned MAC address in WCS
Hi I would like to ask if I can block a user who connects to our network and generates high usage of internet.
The problem is every time he clones his MAC address.
PS ...( WITH OUT SETTING A PASSWORD ON THE APs AND WITH OUT SWITCHING THEM OFF)
THXChris
Only way to prevent it is to do exactly what you mentioned you don't want to do and that's set a password or eap security. Layer 2 hacks have been around for ages. Very hard to defend unless you lift security requirements.
Sent from Cisco Technical Support iPad App -
Blocking all MAC addresses except for the ones you allow
I have a Cisco Aironet 1200 Access Point. I want to block all MAC addresses from accessing the access point, except for the ones I've allowed. First I went to the Address Filters page and clicked on Allowed, then listed all the MAC address I want to be able to access the access point. Then I went to the Ethernet Advanced page, and set the Default Multicast Address Filter to Disallowed, and the Default Unicast Address Filter to Disallowed. Then I went to the AP Radio: Internal Advanced page, clicked on the Advanced Primary SSID Setup link, and set the Default Unicast Address Filter to Disallowed. Accept Authentication Type is set to Open with Shared and Network-EAP cleared, and the Require EAP check boxes are all cleared.
When using a computer whose MAC address is not listed on the Address Filters page, I am still able to connect to the network through the access point. I am also able to connect to the access point from any pc on my network by entering its IP address in Internet Explorer.
What do I need to do to block any pc without a listed MAC address from connecting to the access point?
Thanks, JeffHere's the instructions and URL on how to create an MAC based filter:
Follow these steps to create a MAC address filter:
Step 1 Follow the link path to the Address Filters page.
Step 2 Type a destination MAC address in the New MAC Address Filter: Dest
MAC Address field. You can type the address with colons separating the character pairs
(00:40:96:12:34:56, for example) or without any intervening characters (004096123456, for example).
Note If you plan to disallow traffic to all MAC addresses except
those you specify as allowed, put your own MAC address in the list of allowed MAC
addresses. If you plan to disallow multicast traffic, add the broadcast MAC address
(ffffffffffff) to the list of allowed addresses.
Step 3 Click Allowed to pass traffic to the MAC address or click Disallowed
to discard traffic to the MAC address.
Step 4 Click Add. The MAC address appears in the Existing MAC Address
Filters list. To remove the MAC address from the list, select it and click Remove.
Step 5 Click OK. You return automatically to the Setup page.
Step 6 Click Advanced in the AP Radio row of the Network Ports section at
the bottom of the Setup page for the radio you want to configure. The AP Radio Advanced page appears. -
Block Wired MAC addresses?
WRT54g Version 5.0
Firmware 1.02.8
I have been able to figure out how to block Wireless MAC addresses, and that has been VERY helpful.
( Wireless Tab -> Wireless MAC filter -> Permit Only -> and so on.... )
But I am cannot find out how to block certain wired based MAC addresses. Is this possible?
Solved!
Go to Solution.Yes. With access restrictions.
Of course, as MAC addresses are easily changed, cloned and detected on wireless connections (as MAC addresses are always transferred unencrypted) the wireless mac filter is useless for wireless security. On the wireless, use WPA2 Personal with AES and a strong passphrase. The wireless MAC filter won't make a difference in regard to your WPA2 protected wireless network.
Same applies to wired devices and access restrictions. Of course, the difference with wired connections is that you have better control over you can plug into your router and who not... -
HWIC-4ESW having same MAC address with fa0/0 from CISCO2811 router.
Hi Expert, I Have a situation where a 2811 is configured with 2 VLANs from HWIC-4ESW module, different ports configured, however the VLAN interfaces have the same mac-address with fa0/0 which causes ARP poisoning problem. It that anyway to solve this problem?
Hi Lee,
My understanding is, this is expected behavior and is due to the hardware limitation of the HWIC-4ESW Module. And I think the HWIC-4ESW Module (at least from my lab testing) always takes the MAC Address of the first on board LAN Interface.
Also, I am able to change the MAC Address of the first on board LAN Interface (Ex.Gig0/0) but I cannot change the MAC Address of the VLAN SVI.
I hope it helps.
Regards,
Arul
** Please rate all helpful posts ** -
How to specify in the ISE mac-address with its description?
Hello :-)
I want to implement ISE 1.2.
We have a database of mac-addresses and their description (for example the phone with the Mac address, John).
When connecting the phone John to a wifi network, WLC checks its mac-address in the database and allows access.
How to specify in the ISE Mac address with its description?
In the endpoint settings in ISE 1.2 there is no description field. We have ISE1.2.1.198, vWLC 8.0.100, AIR-LAP1131, MS AD (Win2003).
How can I handle this situation? Any ideas?This link http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_network_devices.html about managing network devices(router,switch), not endpoints(phone, notebook).
-
Is it easy to block a mac address on airport extreme?
I have plans of changing my router to an apple airport extreme. Is it easy to block a mac address on apple's airport extreme?
So you can just control the time that they're connected.
You can set up daily time limits to allow a specific device to connect at the times that you specify. It is possible to set up different "rules" for each individual device......so your Mac could connect anytime, but other devices connect only at the times that you specify.
It is also possible to set up a rule to not allow a device to connect at all at any time. That would be called the "No Access" rule.
In order for the PS4 to connect automatically, a router needs to have UPnP service. The AirPorts do not have this. If you want to connect the PS4 to the AirPort, you will need to plan to set up the port mapping manually. -
Blocking Client MAC Addresses at Sup720/WLSM?
I want to block client MAC addresses at the central 6500, where the WLSM is located. Is there any solution like "dot11 association mac-list" at the accesspoints? I tried an "access-expression" on the tunnelinterface, but it did not work. Any suggestions?
Here is an example of config
switch(config)# mac access-list extended ARP_Packet
Switch(config-ext-nacl)# permit host 0000.861f.3745 host 0006.5bd8.8c2f 0x806 0x0
Switch(config-ext-nacl)# end
Issue the vlan access-map map_ name command and the action drop command, which is the action to perform.
The vlan access-map map_ name command uses the MAC access list that you created to block ARP traffic from the hosts.
Switch(config)# vlan access-map block_arp 10
Switch (config-access-map)# action drop
Switch (config-access-map)# match mac address ARP-Packet
Add an additional line to the same VLAN access map to forward the rest of the traffic.
Switch(config)# vlan access-map block_arp 20
Switch (config-access-map)# action forward
Choose a VLAN access map and apply it to a VLAN interface.
Issue the VLAN filter vlan_access_map_name vlan-list vlan_number command.
Switch(config)# vlan filter block_arp vlan-list 2 -
Can iPhone 6 hotspot block unknown MAC addresses?
i am somewhat concerned that someone can hack my iPhone 6 hotspot.
is there a way to block devices with unknown MAC address from connecting to the hotspot?
is such a feature available, feasible, desirable?
anybody?
regardsPlease anyone?
-
How to find mac address with 10.7.2 on macbook air
my dorm doesnt have wifi we r required to sumit our mac address in order to connect to use internet with internet cable
i have an air with 10.7.2 and bought a ethernet adapter still can find my mac address.........plz help meUse the System Information. To get to this, go to the Apple menu, select About this Mac, and click the System Report button.
In the left column go to Network and select Wifi. Under interfaces select en1 and look for the MAC address.
Alternatively you can use System Preferences > Network > Wi-Fi > Advanced button > Hardware tab > MAC address.
Best of luck. -
Parse Mac Address with match regular expression
Hi Everyone,
I have a problem with the Match Regular Expression function,
I am trying to parse the response two a arp -a 192.168.0.15 request in order to extract MAC address of this remote IP, I used the following RegEx: ^([0-9a-fA-F]{2}[:-]){5}([0-9a-fA-F]{2})$
I am wondering why do I need to do a string subset first to extract only the MAC Address part. Isn't Match Regular Expression function capable of recognizing the RegEx directly in the middle of a string?
I only works when I extract the right tring subset as in the picture bellow.
Thanks for your answers.
Solved!
Go to Solution.
Attachments:
Mac Address.JPG 40 KBGet rid of the "^" in the beginning of your regular expression. You are instructing it to find the pattern at the beginning of the string.
Mark Yedinak
"Does anyone know where the love of God goes when the waves turn the minutes to hours?"
Wreck of the Edmund Fitzgerald - Gordon Lightfoot -
Blocking a MAC address from Authentication to AIR-AP1230 12.3(8) JA
Anyone know the CLI commands for blocking a single MAC address from Associating to an AIR-AP1230 running 12.3(8)?
This link may help as well:
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_configuration_guide_chapter09186a0080184aa0.html#91655
Change the Action to Block, make the Default Action Forward All, and make the mask 0.0.0.0. Apply this to the dotllradio interface (or sub-interface), filtering inbound packets. This should block the specified MAC address only. -
Block curtain MAC-addresses on my WRT54GL
Hello
I use a Linksys WRT54GL for my wireless setup in my apartment. I have noticed that there sometimes are unknown MAC-addresses in "DHCP Clients Table". I guess it is my neighbours or someone on the street.
Am I able to block a curtain MAC-address, so I precent them to connect to my network. And how?
Best regards,
MAthiasUnder the Wireless tab,click on the Wireless Mac Filter>>>>choose the option enable and click on the option "document.write("Prevent PCs listed below from accessing the wireless network.") Prevent PCs listed below from accessing the wireless network" and then,click on Edit Mac Filter List to enter the Mac Address which you want to prevent.
-
Help! My address book is duplicated, iCloud and On My Mac and I don't know how to merge them so that I don't have double entries. All I want is iCloud, so that it transfers to my other devices. At the moment I have birthdays twice or even three times in my iCal, because of duplicate address books. This is infuriating me, and I'm sure is a simple fix.
ThanksWelcome to the Apple Community.
You can move your contacts from 'on my mac' by dragging them to the iCloud account.
This user tip might help you understand how accounts work with Address Book. (25) -
Not able to get the all connected mac address with snmpwalk on sg300-28
am having SG300-28 switch, I am using Opennms to monitor it, but somehow the snmpwalk on the switch is not returning me the whole mac table.
the command i am using is snmpwalk -v 2c -c pex 192.168.x.x .1.3.6.1.2.1.4.22.1
the output is
iso.3.6.1.2.1.4.22.1.1.100014.192.168.3.6 = INTEGER: 100014
iso.3.6.1.2.1.4.22.1.1.100014.192.168.3.23 = INTEGER: 100014
iso.3.6.1.2.1.4.22.1.1.100014.192.168.3.30 = INTEGER: 100014
iso.3.6.1.2.1.4.22.1.2.100014.192.168.3.6 = Hex-STRING: 76 6B E9 2E xx xx
iso.3.6.1.2.1.4.22.1.2.100014.192.168.3.23 = Hex-STRING: 74 D4 35 CF xx xx
iso.3.6.1.2.1.4.22.1.2.100014.192.168.3.30 = Hex-STRING: 50 46 5D 06 xx xx
iso.3.6.1.2.1.4.22.1.3.100014.192.168.3.6 = IpAddress: 192.168.x.x
iso.3.6.1.2.1.4.22.1.3.100014.192.168.3.23 = IpAddress: 192.168.x.xx
iso.3.6.1.2.1.4.22.1.3.100014.192.168.3.30 = IpAddress: 192.168.x.xx
iso.3.6.1.2.1.4.22.1.4.100014.192.168.3.6 = INTEGER: 3
iso.3.6.1.2.1.4.22.1.4.100014.192.168.3.23 = INTEGER: 3
iso.3.6.1.2.1.4.22.1.4.100014.192.168.3.30 = INTEGER: 3
it's showing me the three nodes but actually there are 10 nodes connected, anyone having Idea what is wrong?
Regards,
Deepakam having SG300-28 switch, I am using Opennms to monitor it, but somehow the snmpwalk on the switch is not returning me the whole mac table.
the command i am using is snmpwalk -v 2c -c pex 192.168.x.x .1.3.6.1.2.1.4.22.1
the output is
iso.3.6.1.2.1.4.22.1.1.100014.192.168.3.6 = INTEGER: 100014
iso.3.6.1.2.1.4.22.1.1.100014.192.168.3.23 = INTEGER: 100014
iso.3.6.1.2.1.4.22.1.1.100014.192.168.3.30 = INTEGER: 100014
iso.3.6.1.2.1.4.22.1.2.100014.192.168.3.6 = Hex-STRING: 76 6B E9 2E xx xx
iso.3.6.1.2.1.4.22.1.2.100014.192.168.3.23 = Hex-STRING: 74 D4 35 CF xx xx
iso.3.6.1.2.1.4.22.1.2.100014.192.168.3.30 = Hex-STRING: 50 46 5D 06 xx xx
iso.3.6.1.2.1.4.22.1.3.100014.192.168.3.6 = IpAddress: 192.168.x.x
iso.3.6.1.2.1.4.22.1.3.100014.192.168.3.23 = IpAddress: 192.168.x.xx
iso.3.6.1.2.1.4.22.1.3.100014.192.168.3.30 = IpAddress: 192.168.x.xx
iso.3.6.1.2.1.4.22.1.4.100014.192.168.3.6 = INTEGER: 3
iso.3.6.1.2.1.4.22.1.4.100014.192.168.3.23 = INTEGER: 3
iso.3.6.1.2.1.4.22.1.4.100014.192.168.3.30 = INTEGER: 3
it's showing me the three nodes but actually there are 10 nodes connected, anyone having Idea what is wrong?
Regards,
Deepak
Maybe you are looking for
-
Epson Stylus Photo R320 Won't show in OS 9.2.2 Chooser
I just purchased an Epson Stylus Photo R320, primarily to print on CDs and DVDs. This fancy new inkjet replaced my dependable Epson C-86. My problem is that after installing the Epson printing software on my G5 2.0, I can print, as usual, great in 10
-
Help centering background video in fluid grid layout inside div
Hopefully this all makes sense. I am trying to center the background video (the animation on the website towards the bottom)... I have tried all sorts of things to try and center this. If it can't be done, it can't be done. The banner on top works as
-
Any help is greatly appreciated
-
Since goimg to 4 firefox i get a message that the command is not getting to the program pogo
since i updated to firefox 4 i get an error message that says the command is not getting to the program. That is for pogo only i have no problem elsewhere. I would like to ask how to reset my firefox homepage after someone has changed. It is firefox
-
AS3 newbe target my_mc question
Good day to all of you. I have a basic question. I have movC_mc inside movB_mc inside movA_mc AS2 to access movC_mc from the my Actions layer in frame 1 in the root would be movA_mc.movB_mc.movC_mc My question is how can I target the movA_mc fro