Blocking Client MAC Addresses at Sup720/WLSM?

Similar Messages

• WLC - How to block a single client MAC address?

  Hi Sir,
  On a WLC (software version 4.1.185.0), how to block a single client MAC address?
  I thought of using the SECURITY -> Disabled Clients. Is it right?
  There are currently 250 users connected to the WLC. MAC Filtering is not a scalable solution because as I understand it, we have to specify all the legitimate MAC addresses in the local database.
  Thank you.
  B.Rgds,
  Lim TS

  Hi Lim,
  As you have discovered, the Mac filtering on the WLC is an Allow (based on Mac address) rather than what you need which is a Deny (based on Mac address). I have not tried this feature but I think you are on the right track in using the Exclusion List (Blacklist) feature. Have a look;
  Use SECURITY > AAA > Disabled Client then click New or MONITOR > Clients then click Disable to navigate to this page.
  This page allows you to manually Exclusion List (blacklist) a client by MAC address.
  Add the MAC Address and an optional Client Description for the client to be disabled.
  Note When you enter a client MAC address to be disabled, the Operating System checks that the MAC address is not one of the known Local Net clients ( Local Net Users), Authorized clients ( MAC Filtering), or Local Management users ( Local Management Users) MAC addresses. If the entered MAC address is on one of these three lists, the Operating System does not allow the MAC address to be manually disabled.
  Hope this helps! Let us know.
  Rob

• HT4061 My gateway PC is locked up after itunes update.  When i restarted the computer for the hangers to take effect. Now my pc is locked up.  It gives me a client Mac address and no boot file name received.  What happened, and how do I get my pc back?

  jute way pc locked up after iTunes update.   It says client Mac address 001320 be ad 25 .  PXE E53  No boot file name received
  pXE MOF.  Exiting Broadcom PXE. ROM .  How do I unlock my pc?

  jute way pc locked up after iTunes update.   It says client Mac address 001320 be ad 25 .  PXE E53  No boot file name received
  pXE MOF.  Exiting Broadcom PXE. ROM .  How do I unlock my pc?

• HT4061 I downloaded an iTunes update on my HP.  PC and restarted the computer for the hangers to take effect. Now my pc is locked up.  It gives me a client Mac address and no boot file name received.  What happened, and how do I get my pc back?

  I downloaded an iTunes update and when ashen I restarted my pc it locked up.  It says client Mac address 001320bead25,   PXE E53  No boot file name received.  PXE MOF.  Exiting Broadcom pie rom.   How do I get my pc back!

  When you installed iTunes on your work computer, then connected your iPad to that computer, it wiped what was on the iPad, then put the iTunes library (nothing) from the work computer onto the iPad. You can try copying the iTunes folder from your home computer over to your work computer, but since the apps were bought with a different account, they may not load or update properly.

• Cisco WLC Client MAC address backup to new Controller & ISE

  Hi All,
  We have an existing 4400 controller with MAC filtering for clients configured. Right Now, we are migrating to 5500 WLC and ISE setup.
  We want to use MAC filtering due to company policies on the new Controller as well as ISE.
  Is there a way (from GUI/CLI) that we can export the client MAC Addresses into an Excel file from existing WLC to new WLC & ISE?
  Thanks,
  CJ

  On the CLI issue a show macfilter summary and then import that into excel or a text editor.
  Sent from Cisco Technical Support iPhone App

• Is it easy to block a mac address on airport extreme?

  I have plans of changing my router to an apple airport extreme. Is it easy to block a mac address on apple's airport extreme?

  So you can just control the time that they're connected.
  You can set up daily time limits to allow a specific device to connect at the times that you specify. It is possible to set up different "rules" for each individual device......so your Mac could connect anytime, but other devices connect only at the times that you specify.
  It is also possible to set up a rule to not allow a device to connect at all at any time. That would be called the "No Access" rule.
  In order for the PS4 to connect automatically, a router needs to have UPnP service. The AirPorts do not have this. If you want to connect the PS4 to the AirPort, you will need to plan to set up the port mapping manually.

• Blocking all MAC addresses except for the ones you allow

  I have a Cisco Aironet 1200 Access Point. I want to block all MAC addresses from accessing the access point, except for the ones I've allowed. First I went to the Address Filters page and clicked on Allowed, then listed all the MAC address I want to be able to access the access point. Then I went to the Ethernet Advanced page, and set the Default Multicast Address Filter to Disallowed, and the Default Unicast Address Filter to Disallowed. Then I went to the AP Radio: Internal Advanced page, clicked on the Advanced Primary SSID Setup link, and set the Default Unicast Address Filter to Disallowed. Accept Authentication Type is set to Open with Shared and Network-EAP cleared, and the Require EAP check boxes are all cleared.
  When using a computer whose MAC address is not listed on the Address Filters page, I am still able to connect to the network through the access point. I am also able to connect to the access point from any pc on my network by entering its IP address in Internet Explorer.
  What do I need to do to block any pc without a listed MAC address from connecting to the access point?
  Thanks, Jeff

  Here's the instructions and URL on how to create an MAC based filter:
  Follow these steps to create a MAC address filter:
  Step 1 Follow the link path to the Address Filters page.
  Step 2 Type a destination MAC address in the New MAC Address Filter: Dest
  MAC Address field. You can type the address with colons separating the character pairs
  (00:40:96:12:34:56, for example) or without any intervening characters (004096123456, for example).
  Note If you plan to disallow traffic to all MAC addresses except
  those you specify as allowed, put your own MAC address in the list of allowed MAC
  addresses. If you plan to disallow multicast traffic, add the broadcast MAC address
  (ffffffffffff) to the list of allowed addresses.
  Step 3 Click Allowed to pass traffic to the MAC address or click Disallowed
  to discard traffic to the MAC address.
  Step 4 Click Add. The MAC address appears in the Existing MAC Address
  Filters list. To remove the MAC address from the list, select it and click Remove.
  Step 5 Click OK. You return automatically to the Setup page.
  Step 6 Click Advanced in the AP Radio row of the Network Ports section at
  the bottom of the Setup page for the radio you want to configure. The AP Radio Advanced page appears.

• Block Wired MAC addresses?

  WRT54g Version 5.0
  Firmware 1.02.8
  I have been able to figure out how to block Wireless MAC addresses, and that has been VERY helpful.
  ( Wireless Tab -> Wireless MAC filter -> Permit Only -> and so on.... )
  But I am cannot find out how to block certain wired based MAC addresses.  Is this possible?
  Solved!
  Go to Solution.

  Yes. With access restrictions.
  Of course, as MAC addresses are easily changed, cloned and detected on wireless connections (as MAC addresses are always transferred unencrypted) the wireless mac filter is useless for wireless security. On the wireless, use WPA2 Personal with AES and a strong passphrase. The wireless MAC filter won't make a difference in regard to your WPA2 protected wireless network.
  Same applies to wired devices and access restrictions. Of course, the difference with wired connections is that you have better control over you can plug into your router and who not...

• Blocking a MAC address with WCS

  I recently deployed a 4404 with WCS and want to block a MAC address from connecting to our wireless because of Deauth floods. We have around 40 APs. I am thinking it should be done through a template, but not sure. Can anyone lead me to right document that explains the process of blocking specific MAC addresses?
  thanks,
  Jonathan

  Hi Jonathan,
  Have you see this doc;
  Configuring a MAC Filter Template
  Cisco Wireless Control System Configuration Guide, Release 4.0
  http://www.cisco.com/en/US/products/ps6305/products_configuration_guide_chapter09186a00806b7273.html#wp1068145
  Hope this helps!
  Rob
  Please remember to rate helpful posts.....

• Block client MAC on VLAN

  Hi,
  I have a WLC 4402 configured with two VLANs (Company and GuestNet).
  Now I need to block a client on the GuestNet VLAN only using its MAC address.
  The access to the company WLAN should still be permitted.
  What is the easiest way to configure this?
  Thanks in advance!
  Best regards,
  Chris

  Agreed... you can create an ACL to block a MAC on the switch level, but not on the WLC.  I'm guessing you are doing either open access to the guest or web pass-through.  Using these type of guest access can't prevent any other users to access your guest net.  Maybe you should look at doing Web-Auth, unless you are doing this now and you have one person who has access.... but then again, you can always change the username/password.

• Block curtain MAC-addresses on my WRT54GL

  Hello
  I use a Linksys WRT54GL for my wireless setup in my apartment. I have noticed that there sometimes are unknown MAC-addresses in "DHCP Clients Table". I guess it is my neighbours or someone on the street.
  Am I able to block a curtain MAC-address, so I precent them to connect to my network. And how?
  Best regards,
  MAthias

  Under the Wireless tab,click on the Wireless Mac Filter>>>>choose the option enable and click on the option "document.write("Prevent PCs listed below from accessing the wireless network.") Prevent PCs listed below from accessing the wireless network" and then,click on Edit Mac Filter List to enter the Mac Address which you want to prevent.

• Linux client MAC address getting failure (Mr. Francois)

  Hi Mr.Francois
  I am using your client information form. Thank you.
  But in Linux client
  shows
  IP & MAC addresses are blank
  Any idea !
  Regards

  Because you did not provide details about which Forms version or client platform you are using it will be difficult to offer specifics. However, if you are using Forms 10.1.2.3 or newer, I would recommend trying to run the WebUtil demo form as it includes functionality to capture the client details. You can download the WebUtil demo from here:
  http://www.oracle.com/technetwork/developer-tools/forms/downloads/index.html
  It is listed under Forms 11g Demos, but the WebUtil demo is compatible with version 10 and newer. If you have never used this demo (or WebUtil) before, be aware that some features only work on Windows clients. Additionally, some features only work on Windows (32bit) clients.

• Reports for Apple devices with SCCM client - Mac Addresses and IP information.

  Greetings.
  I've been having an interesting problem.
  I am currently running SCCM 2012R2 with PKI and have clients installed on windows, linux (ubuntu mostly) and apple computers successfully.
  I have created custom report proving me with hardware information for windows and linux machines (Serial numbers, manufacturer, Mac Addresses and IP addresses) successfully.
  So far I wasn't able to create any report or even find what table information about Apple computers MAC and IP addresses is stored.
  If i go to Apple computer in SCCM using resource explorer under hardware I can see network devices, so that information is definitely gathered by SCCM in some way.
  Can anyone help me out with this and maybe I am doing this in a wrong way?

  Nice. Only trouble there seems to be multiple entry for same mac address there for same resource id.
  So when I try to get them as substring i get multiple copies of same mac address.
  But looks like this will work as solution to this problem.
  So far I was doing it this way (And i am sure there is clearer way to do it.)
  SUBSTRING((SELECT ',' + CAST(t2.MACAddress0 AS VARCHAR(40))
              FROM (SELECT DISTINCT ResourceID, MACAddress0 FROM  v_GS_NETWORK_ADAPTER) t2
              WHERE t2.ResourceID = ResourceID
              ORDER BY t2.ResourceID, t2.MACAddress0
              FOR XML PATH ('')
          ), 2, 100) [MACAddresses]

• Blocking a MAC address from Authentication to AIR-AP1230 12.3(8) JA

  Anyone know the CLI commands for blocking a single MAC address from Associating to an AIR-AP1230 running 12.3(8)?

  This link may help as well:
  http://www.cisco.com/en/US/products/hw/wireless/ps430/products_configuration_guide_chapter09186a0080184aa0.html#91655
  Change the Action to Block, make the Default Action Forward All, and make the mask 0.0.0.0. Apply this to the dotllradio interface (or sub-interface), filtering inbound packets. This should block the specified MAC address only.

• Can iPhone 6 hotspot block unknown MAC addresses?

  i am somewhat concerned that someone can hack my iPhone 6 hotspot.
  is there a way to block devices with unknown MAC address from connecting to the hotspot?
  is such a feature available, feasible, desirable?
  anybody?
  regards

  Please anyone?