WCS - AAA access to add to MAC filter only

Hi,
I am using Cisco WCS and have an SSID which uses PSK.  I want to permit a select few to be able to add MAC addresses to this filter, as part of this SSID in order to permit devices to associate to this network.
I am struggling to see how I can do this, the user defined permission sets in AAA section are not that granular.
Someone mentioned Virtual Domains, though again I don't see how you permit only this level of access.
Any help / guidance would be appreciated
Thanks
Steve

I don't have wcs in front of me .. But do into admin tab of wlc. Select group and you will see super user, admin, etc. you can create a new group .. Once the new group is selected you can add tasks list to that group .. Which task that handle your MAC address additions may be bundled into another task ..
Sent from Cisco Technical Support iPhone App

Similar Messages

  • Where to add mac filter without template on Prime 2.0?

    Hi,
    Can someone point me to where I should go to add mac filter under security>AAA in Prime 2.0 directly to controller without using templates? Check the screenshot attached. there is no option to add filter. It only give option to edit. Going to Classic view I see the add option is available. Puzzled. Any help is appreciated.
    Cheers,
    Fadi

    I am unabl eto find any way to configure mac-address filter without template. To configure with template you can go through the following steps-
    Step 1 Choose Configure > Controller Template Launch Pad.
    Step 2 Click MAC Filtering or choose Security > MAC Filtering from the left sidebar menu. The Security > MAC Filtering page appears.
    Step 3 If you want to add a new template, choose Add Template from the Select a command drop-down list, and click Go. To modify an existing template, click the template name. The MAC Filtering template page appears.
    Step 4 If you keep Import From File enabled, you must enter a file path or click Browse to navigate to the file path. The import file must be a CSV file with MAC address, profile name, interface, and description (such as 00:11:22:33:44:55, Profile1, management, test filter). If you unselect the Import from File check box, continue to Step 5. Otherwise, skip to Step 8.
    The client MAC address appears.
    Step 5 Choose the profile name to which this MAC filter is applied or choose the any Profile option.
    Step 6 Use the drop-down list to choose from the available interface names.
    Step 7 Enter a user-defined description of this interface. Skip to Step 9.
    Step 8 If you want to override the existing template, select the Override existing templates check box.
    Step 9 Click Save.

  • Wireless MAC Filter more than 80 router are access point required

    We needed router are access points Wireless MAC Filter more than 80 product required.

    Use real wireless security with WPA2/AES and forget about the wireless mac filter.

  • Howto refresh MAC-filter list in WCS ?

    Hello
    We?re using WLC4402 with WCS 4.
    We are using MAC filters with WPA to limit which clients can connect.
    My problem is this:
    I think it is smoother to insert new MAC filters through the WLC web interface instead of using the WCS.
    When I do this the new MAC filters I put in through the WLC web interface will not show up in the WCS, how can I refresh the WCS to make the new MAC filters show up there ?
    /Dan

    Make sure the controller is using version in Release 3.2.78.0.If not upgrade the controller so that updates are sent properly to wCS .Max number of mac filter that could be configured is 512 on WCS 2.2

  • WLC Webauth on mac filter / Bypass

    Hi
    I am currently experimenting with the webauth 'On MAC Filter failure' feature.
    In most cases things work fine, meaning that: user arrives in SSID coverage, if his MAC is registered in our radius he is allowed through, if not heassociates to the AP and gets the usual splashscreen. But, in some weird cases things dont happen as expected: user arrives in SSID coverage, if his MAC is registered in our radius he is allowed through, if not he can not associated.
    I tryed to run some debugs but with little success as I dont know what I am looking for.
    As far as I can say, the problem appears with devices I used for testing (allow through MAC filter, then removed ...) and make me think of some kind of caching mechanism. (things like fastpath come into my mind).
    Did someone implement the feature successfully?
    Thanks,
    seb.

    Hi,
    Sure (debug client 00:24:d6:23:d0:58). Problem is visible around  12:26:47.612
    *pemReceiveTask: Sep 22 12:25:38.048: 2c:a8:35:cf:20:14 Sent an XID frame
    *apfMsConnTask_4: Sep 22 12:26:26.258: 00:24:d6:23:d0:58 Adding mobile on LWAPP AP 00:08:30:4a:d6:50(0)
    *apfMsConnTask_4: Sep 22 12:26:26.258: 00:24:d6:23:d0:58 Association received from mobile on AP 00:08:30:4a:d6:50
    *apfMsConnTask_4: Sep 22 12:26:26.258: 00:24:d6:23:d0:58 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 0) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1621)
    *apfMsConnTask_4: Sep 22 12:26:26.258: 00:24:d6:23:d0:58 Applying site-specific IPv6 override for station 00:24:d6:23:d0:58 - vapId 3, site 'UNAIDS-HQ', interface 'unaids-guests'
    *apfMsConnTask_4: Sep 22 12:26:26.258: 00:24:d6:23:d0:58 Applying IPv6 Interface Policy for station 00:24:d6:23:d0:58 - vlan 113, interface id 11, interface 'unaids-guests'
    *apfMsConnTask_4: Sep 22 12:26:26.258: 00:24:d6:23:d0:58 Applying site-specific override for station 00:24:d6:23:d0:58 - vapId 3, site 'UNAIDS-HQ', interface 'unaids-guests'
    *apfMsConnTask_4: Sep 22 12:26:26.258: 00:24:d6:23:d0:58 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1621)
    *apfMsConnTask_4: Sep 22 12:26:26.258: 00:24:d6:23:d0:58 STA - rates (8): 130 132 139 150 12 18 24 36 0 0 0 0 0 0 0 0
    *apfMsConnTask_4: Sep 22 12:26:26.258: 00:24:d6:23:d0:58 STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
    *apfMsConnTask_4: Sep 22 12:26:26.258: 00:24:d6:23:d0:58 apfProcessAssocReq (apf_80211.c:5122) Changing state for mobile 00:24:d6:23:d0:58 on AP 00:08:30:4a:d6:50 from Idle to AAA Pending
    *aaaQueueReader: Sep 22 12:26:26.258: Unable to find requested user entry for 0024d623d058
    *aaaQueueReader: Sep 22 12:26:26.258: ReProcessAuthentication previous proto 8, next proto 40000001
    *apfMsConnTask_4: Sep 22 12:26:26.258: 00:24:d6:23:d0:58 Scheduling deletion of Mobile Station:  (callerId: 20) in 10 seconds
    *aaaQueueReader: Sep 22 12:26:26.258: AuthenticationRequest: 0x2aeb3be8
    *aaaQueueReader: Sep 22 12:26:26.258:   Callback.....................................0x100df840
    *aaaQueueReader: Sep 22 12:26:26.258:   protocolType.................................0x40000001
    *aaaQueueReader: Sep 22 12:26:26.258:   proxyState...................................00:24:D6:23:D0:58-00:00
    *aaaQueueReader: Sep 22 12:26:26.258:   Packet contains 14 AVPs (not shown)
    *aaaQueueReader: Sep 22 12:26:26.258: apfVapRadiusInfoGet: WLAN(3) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
    *aaaQueueReader: Sep 22 12:26:26.259: 00:24:d6:23:d0:58 Successful transmission of Authentication Packet (id 255) to 10.83.40.111:1812, proxy state 00:24:d6:23:d0:58-00:01
    *aaaQueueReader: Sep 22 12:26:26.259: 00000000: 01 ff 00 b0 00 00 00 00  00 00 00 00 00 00 00 00  ................
    *aaaQueueReader: Sep 22 12:26:26.259: 00000010: 00 00 00 00 01 0e 30 30  32 34 64 36 32 33 64 30  ......0024d623d0
    *aaaQueueReader: Sep 22 12:26:26.259: 00000020: 35 38 1e 21 30 30 2d 30  38 2d 33 30 2d 34 61 2d  58.!00-08-30-4a-
    *aaaQueueReader: Sep 22 12:26:26.259: 00000030: 64 36 2d 35 30 3a 55 4e  41 49 44 53 2d 54 45 53  d6-50:UNAIDS-TES
    *aaaQueueReader: Sep 22 12:26:26.259: 00000040: 54 2d 32 1f 13 30 30 2d  32 34 2d 64 36 2d 32 33  T-2..00-24-d6-23
    *aaaQueueReader: Sep 22 12:26:26.259: 00000050: 2d 64 30 2d 35 38 05 06  00 00 00 0d 04 06 0a 53  -d0-58.........S
    *aaaQueueReader: Sep 22 12:26:26.259: 00000060: 05 80 20 0d 47 45 2d 44  43 57 4c 43 2d 30 31 1a  ....GE-DCWLC-01.
    *aaaQueueReader: Sep 22 12:26:26.259: 00000070: 0c 00 00 37 63 01 06 00  00 00 03 02 12 0d e4 89  ...7c...........
    *aaaQueueReader: Sep 22 12:26:26.259: 00000080: d6 a8 35 ae 7e ee 86 d9  65 0e 78 f5 5d 06 06 00  ..5.~...e.x.]...
    *aaaQueueReader: Sep 22 12:26:26.259: 00000090: 00 00 0a 0c 06 00 00 05  14 3d 06 00 00 00 13 40  .........=.....@
    *aaaQueueReader: Sep 22 12:26:26.259: 000000a0: 06 00 00 00 0d 41 06 00  00 00 06 51 05 31 31 33  .....A.....Q.113
    *radiusTransportThread: Sep 22 12:26:27.262: 00000000: 03 ff 00 14 64 b5 1e e0  41 f9 08 3f 47 46 3c 2b  ....d...A..?GF<+
    *radiusTransportThread: Sep 22 12:26:27.262: 00000010: 33 38 28 a3                                       38(.
    *radiusTransportThread: Sep 22 12:26:27.262: ****Enter processIncomingMessages: response code=3
    *radiusTransportThread: Sep 22 12:26:27.262: ****Enter processRadiusResponse: response code=3
    *radiusTransportThread: Sep 22 12:26:27.262: 00:24:d6:23:d0:58 Access-Reject received from RADIUS server 10.83.40.111 for mobile 00:24:d6:23:d0:58 receiveId = 0
    *radiusTransportThread: Sep 22 12:26:27.262: 00:24:d6:23:d0:58 Returning AAA Error 'Authentication Failed' (-4) for mobile 00:24:d6:23:d0:58
    *radiusTransportThread: Sep 22 12:26:27.262: AuthorizationResponse: 0x3c4fd8b4
    *radiusTransportThread: Sep 22 12:26:27.262:    structureSize................................32
    *radiusTransportThread: Sep 22 12:26:27.262:    resultCode...................................-4
    *radiusTransportThread: Sep 22 12:26:27.262:    protocolUsed.................................0xffffffff
    *radiusTransportThread: Sep 22 12:26:27.262:    proxyState...................................00:24:D6:23:D0:58-00:00
    *radiusTransportThread: Sep 22 12:26:27.262:    Packet contains 0 AVPs:
    *apfReceiveTask: Sep 22 12:26:27.263: 00:24:d6:23:d0:58 Applying new AAA override for station 00:24:d6:23:d0:58
    *apfReceiveTask: Sep 22 12:26:27.263: 00:24:d6:23:d0:58 Override values for station 00:24:d6:23:d0:58
                                                                                                            source: 2, valid bits: 0x0
            qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
    *apfReceiveTask: Sep 22 12:26:27.263: 00:24:d6:23:d0:58 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
                                                                                                                                                    vlanIfName: '', aclName: ''
    *apfReceiveTask: Sep 22 12:26:27.263: 00:24:d6:23:d0:58 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1621)
    *apfReceiveTask: Sep 22 12:26:27.263: 00:24:d6:23:d0:58 Applying site-specific override for station 00:24:d6:23:d0:58 - vapId 3, site 'UNAIDS-HQ', interface 'unaids-guests'
    *apfReceiveTask: Sep 22 12:26:27.263: 00:24:d6:23:d0:58 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1621)
    *apfReceiveTask: Sep 22 12:26:27.263: 00:24:d6:23:d0:58 Inserting AAA Override struct for mobile
            MAC: 00:24:d6:23:d0:58, source 2
    *apfReceiveTask: Sep 22 12:26:27.263: 00:24:d6:23:d0:58 Inserting new RADIUS override into chain for station 00:24:d6:23:d0:58
    *apfReceiveTask: Sep 22 12:26:27.263: 00:24:d6:23:d0:58 Override values for station 00:24:d6:23:d0:58
                                                                                                            source: 2, valid bits: 0x0
            qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
    *apfReceiveTask: Sep 22 12:26:27.263: 00:24:d6:23:d0:58 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
                                                                                                                                                    vlanIfName: '', aclName: ''
    *apfReceiveTask: Sep 22 12:26:27.263: 00:24:d6:23:d0:58 0.0.0.0 START (0) Initializing policy
    *apfReceiveTask: Sep 22 12:26:27.263: 00:24:d6:23:d0:58 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
    *apfReceiveTask: Sep 22 12:26:27.263: 00:24:d6:23:d0:58 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4)
    *apfReceiveTask: Sep 22 12:26:27.263: 00:24:d6:23:d0:58 0.0.0.0 L2AUTHCOMPLETE (4) DHCP Not required on AP 00:08:30:4a:d6:50 vapId 3 apVapId 3for this client
    *apfReceiveTask: Sep 22 12:26:27.263: 00:24:d6:23:d0:58 Not Using WMM Compliance code qosCap 00
    *apfReceiveTask: Sep 22 12:26:27.263: 00:24:d6:23:d0:58 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 00:08:30:4a:d6:50 vapId 3 apVapId 3
    *apfReceiveTask: Sep 22 12:26:27.263: 00:24:d6:23:d0:58 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)
    *apfReceiveTask: Sep 22 12:26:27.263: 00:24:d6:23:d0:58 apfMsAssoStateInc
    *apfReceiveTask: Sep 22 12:26:27.263: 00:24:d6:23:d0:58 apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 00:24:d6:23:d0:58 on AP 00:08:30:4a:d6:50 from AAA Pending to Associated
    *apfReceiveTask: Sep 22 12:26:27.263: 00:24:d6:23:d0:58 Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
    *apfReceiveTask: Sep 22 12:26:27.264: 00:24:d6:23:d0:58 Sending Assoc Response to station on BSSID 00:08:30:4a:d6:50 (status 0) ApVapId 3 Slot 0
    *apfReceiveTask: Sep 22 12:26:27.264: 00:24:d6:23:d0:58 apfProcessRadiusAssocResp (apf_80211.c:2153) Changing state for mobile 00:24:d6:23:d0:58 on AP 00:08:30:4a:d6:50 from Associated to Associated
    *apfReceiveTask: Sep 22 12:26:29.211: 00:24:d6:23:d0:58 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
    *apfReceiveTask: Sep 22 12:26:29.211: 00:24:d6:23:d0:58 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 4431, Adding TMP rule
    *apfReceiveTask: Sep 22 09:31:33.211: 00:24:d6:23:d0:58 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
      type = Airespace AP - Learn IP address
      on AP 00:08:30:4a:d6:50, slot 0, interface = 13, QOS = 0
      ACL Id = 255, Jumbo F
    *apfReceiveTask: Sep 22 12:26:29.211: 00:24:d6:23:d0:58 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006  IPv6 Vlan = 113, IPv6 intf id = 11
    *apfReceiveTask: Sep 22 12:26:29.211: 00:24:d6:23:d0:58 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (ACL ID 255)
    *pemReceiveTask: Sep 22 12:26:29.212: 00:24:d6:23:d0:58 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
    *pemReceiveTask: Sep 22 12:26:29.212: 00:24:d6:23:d0:58 Sent an XID frame
    *spamApTask4: Sep 22 12:26:46.641: 00:24:d6:23:d0:58 Received Idle-Timeout from AP 00:08:30:4a:d6:50, slot 0 for STA 00:24:d6:23:d0:58
    *spamApTask4: Sep 22 12:26:46.641: 00:24:d6:23:d0:58 apfMsDeleteByMscb Scheduling mobile for deletion with deleteReason 4, reasonCode 4
    *spamApTask4: Sep 22 12:26:46.641: 00:24:d6:23:d0:58 Scheduling deletion of Mobile Station:  (callerId: 30) in 1 seconds
    *osapiBsnTimer: Sep 22 12:26:47.611: 00:24:d6:23:d0:58 apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!
    *apfReceiveTask: Sep 22 12:26:47.611: 00:24:d6:23:d0:58 apfMsExpireMobileStation (apf_ms.c:5009) Changing state for mobile 00:24:d6:23:d0:58 on AP 00:08:30:4a:d6:50 from Associated to Disassociated
    *apfReceiveTask: Sep 22 12:26:47.611: 00:24:d6:23:d0:58 Sent Deauthenticate to mobile on BSSID 00:08:30:4a:d6:50 slot 0(caller apf_ms.c:5094)
    *apfReceiveTask: Sep 22 12:26:47.611: 00:24:d6:23:d0:58 Sending Accounting request (2) for station 00:24:d6:23:d0:58
    *apfReceiveTask: Sep 22 12:26:47.611: 00:24:d6:23:d0:58 apfMsAssoStateDec
    *apfReceiveTask: Sep 22 12:26:47.611: 00:24:d6:23:d0:58 apfMsExpireMobileStation (apf_ms.c:5132) Changing state for mobile 00:24:d6:23:d0:58 on AP 00:08:30:4a:d6:50 from Disassociated to Idle
    *apfReceiveTask: Sep 22 12:26:47.612: 00:24:d6:23:d0:58 0.0.0.0 DHCP_REQD (7) Deleted mobile LWAPP rule on AP [00:08:30:4a:d6:50]
    *apfReceiveTask: Sep 22 12:26:47.612: 00:24:d6:23:d0:58 Deleting mobile on AP 00:08:30:4a:d6:50(0)
    *pemReceiveTask: Sep 22 12:26:47.612: 00:24:d6:23:d0:58 0.0.0.0 Removed NPU entry.
    *aaaQueueReader: Sep 22 12:31:04.526: Unable to find requested user entry for 2ca835cf2014
    *aaaQueueReader: Sep 22 12:31:04.526: ReProcessAuthentication previous proto 8, next proto 40000001
    *aaaQueueReader: Sep 22 12:31:04.526: apfVapRadiusInfoGet: WLAN(3) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
    *radiusTransportThread: Sep 22 12:31:05.530: 00000000: 03 00 00 14 cd cd cd 40  48 d9 c9 26 10 81 e3 5b  .......@H..&...[
    *radiusTransportThread: Sep 22 12:31:05.530: 00000010: b0 35 95 73                                       .5.s
    *radiusTransportThread: Sep 22 12:31:05.530: ****Enter processIncomingMessages: response code=3
    *radiusTransportThread: Sep 22 12:31:05.530: ****Enter processRadiusResponse: response code=3
    Thanks,
    Seb.

  • Mac filter not working with Airport Extreme

    I setup my new AEBS and for whatever reason when I setup the Mac filter it still will let the desired user in with the key. I have both the wireless N and the wireless G (guests) setup and it doesn't seem to work with the G for sure, unfortunately I don't have any other wireless N capable units so I don't know if it works with N. I would assume that it would block all other Mac addresses if I select "No Access." Please help, and no I do not have any extensions of it, it's just the Extreme as the single wireless access point in our house with WPA security. Thanks!

    I had the same problem. On the MAC access panel in Airport Utility, click on the default user and then use the drop down menu below and click no access. Any of the added IDs you have added you can still put 24 hour access and only those users can connect to the network.
    The default is set for all access, so unless you change this, no matter how many separate IDs you add, it will let anyone on if they have a password.
    I didn't figure this out for years, but now it works the way I thought it was working all along...

  • How do you add a MAC address to air port so it will recognize a Nest thermostat

    How do you add a MAC address to anAir Port

    In a v5 utility it looks different to a v6 utility.. and you should not be using MAC restrictions anyway, unless you have time controls. MAC filtering is not adequate security.
    There are only two options Timed Access or Radius.. you cannot use Radius without a Radius authentication server.
    Clcik the + symbol and add the MAC address.
    Make sure the time limits are not restricted if you want permanent access.
    BUT this is just the wrong way to do things. Use proper security WPA or WPA2 with a password. not MAC filters which are next to useless.
    If you have issues getting your NEST to connect to the Airport, set the wireless name to correct SMB standard. That means short, no spaces and pure alphanumeric. The current name is probably not compliant to SMB network standards hence the NEST cannot connect.

  • How do i set up my kindle to receive audio books? Is there a MAC filter? it must be disabled and I dont know how to do this

    how do i set up my kindle to receive audio books? Is there a MAC filter? it must be disabled and I dont know how to do this

    By default, any type of MAC filtering is disabled on the AirPort base stations ... unless, of course, you or someone else enabled it.
    If it is enabled, to disable it, you would use the AirPort Utility.
    AirPort Utility > Select the AirPort > Manual Setup > AirPort > Access Control tab > MAC Address Access Control: Not Enabled

  • Is it possible to add a firewall Filter or Rule Set to the Extreme Router (802.11n)

    Is it possible to add a firewall Filter or Rule Set to the setting for the Extreme Router (802.11n) like the following:
    "ALLOW TCP/UDP IN/OUT to 208.67.222.222 or 208.67.220.220 on Port 53"  and
    "BLOCK TCP/UDP IN/OUT all IP addresses on Port 53"
    The goal of this is to create a firewall rule to only allow DNS (TCP/UDP) to OpenDNS' servers and restrict all other DNS traffic to any other IPs.
    Or, alternatively is there a way to configure same applied to the Network preferences on IMAC OS X?
    Thanks and much appreciation to anyone who has any clue about this.

    Sorry, I think you've got it backwards.
    The concern is NOT that the child can make changes to our hardware/AEBS, or even our network software on my IMAC - nothing's been changed.
    BUT, he changed the dns settings on his OWN device (ie chromebook) to google public server, accessed the AE using our home wifi network BUT bypassed our dns settings. Capeesh?
    See: http://www.pocketables.com/2013/03/how-to-use-change-the-dns-settings-on-your-ch romebook-and-use-googles.html

  • WRT160N wireless MAC Filter settings reset on their own

    I recently purchased and setup a WRT160N router.  Having no real problems with router - it works fine with exception of the MAC filter settings.  I most often access the router config from an XP machine (used to initially setup the router) which is wired, as well as from a VISTA notebook that is wireless.  I am noticing that when I check the MAC filter settings, the previous setup is missing - meaning that all MAC addresses are gone, and the filtering option is removed.
    I have set this up numerous times, and VERIFIED that I click on save at the bottom of the page, verify I have enable checked, etc.  I am wondering if there is something I'm missing - the settings don't appear to "stay" - the filtering option simply disappears and returns to disabled.  I may answer my own question here (or point myself in the right direction), but is there a dependancy on some other setting that is causing my filter to "disappear" on me?

    Have you tried to reset your Router and Re-configure all the settings back on your Router? If not then Reset your Router and re-configure all the settings. If still doesn't work, then you need to upgrade the firmware of your Router. Download the latest firmware for your Router from the Linksys website, Go to http://www.linksysbycisco.com/US/en/support/wrt160n/downloads and select the proper version number of your Router and download and save the firmware on your computer.
    Login to the Routers GUI and click on the Administration tab and below click on the sub tab "Firmware Upgrade" and click on the browse button and select the firmware file and click on upgrade...Once the firmware upgrade is successful... Then you need to Press and hold the reset button for 30 seconds...Release the reset button...Unplug the power cable from your router, wait for 30 seconds and re-connect the power cable...Now re-configure your router...

  • Wireless Guest Network, iPADS and MAC Filteing

    Hello, I have a question regarding our wireless guest network and using iPADs
    Our wireless network consist of (3) 5508 WLC’s running 6.0.188. 2 internal WLC and 1 external anchor WLC for guest.  Presently we are only using one of the internal controllers for users the second is only used for fail over.  The anchor controller is set up as the DHCP server for guest. We also have a Cisco NAC Guest Server in the DMZ for guest authentication.
    We have (10) iPads that need Internet access though our guest portal. We do not want these iPADs to have to enter any credentials just pass through to the internet. We do not want any other device to be able to connect to this SSID.  Here’s my question; Getting to the Internet is no problem however when I try to set up a MAC filter just for these devices, they never receive an IP address and never get connected.  I have tried setting the filter on both the internal controller and the anchor controller identically and in about every combination I can think of.  Does anyone know how to set up a MAC filter on a guest network configured as per Cisco’s recommendation?  I also plan to use WPA2 and 802.1x once I get the MAC filter to work.  Any help would be appreciated.
    Thank You
    John

    Not all layer 2 and layer 3 security mechanisms are compatible. Refer to this doc
    http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080987b7c.shtml#matrix
    What security settings have you configured. The settings also need to be identical on both the internal and anchor controller.

  • Why is Web Page Auth on MAC Filter Failure not working on Anchor Controller?

    Hi,
    I have implemented a Guest WLAN solution as per the recommended design from Cisco. We have two internal WiSM2 controllers providing services for Internal secure SSIDs. Both these controllers are members of a Mobility and RF management group.
    Two 5508 controllers have been installed in our DMZ for resilience and have been placed into a separate Mobility group. All controllers (internal and external) have been linked together as mobility neighbours in a full mesh and a new SSID for Web Guest traffic has been anchored to the controllers in the DMZ.
    Web page authentication works perfectly fine, but I cannot for the life of me get the MAC filtering override to work, i.e. if a MAC address is present, do not redirect to the splash page for web auth.
    I can get MAC auth working by iteself, but not with the Layer 3 option selected for web page auth on mac filter failure.
    I know I can get around this by just creating two separate SSIDs. But the business is used to just having the one SSID for all guest traffic.
    Is this a known limitation when anchoring SSIDs to controllers in the DMZ ?

    Hi Nicolas,
    I guess they changed their mind to add this fix in 7.0MR3. Now the fix will be in 7.2 release planned to be release in FEB.
    There is a documentation bug opened to add this to configuration guide :
    CSCtw48727    Document CSCts54424. Limitations webauth on mac filter fail for anchor
    Regards..Salil
    CSCtw48727    Document CSCts54424. Limitations  webauth on mac filter fail for anchor

  • Compatibility 802.1X and mac-filter from ACS

    If the  clients identities and mac address are stored in the same ACS server.
    In WLC,could a wlan be configured layer2 security with both 802.1x and mac-filtering?
    this is really a critical problem for me!
    Thanks~

    Hi,
    I am assuming  you are asking if you configure a x  mac of wlan client in MAC filer and the same as user naem in 802.1x ACS database as user name , could you configure it ? what is the effect?
    If my understading of your queston is  correct the answer is
    Any wlan client will not be allowed to  associate to the network  unless a match is  seen in mac filter in wlc.
    But once that is done  it will not able to access  network resources  unless   802.1x authentication is  completed by ACS  against the wlan clients user name which is again a mac  address of client.
    i dont see a value for doing this. except that you will block  unnecessary authentication request getting to ACS  by filtering it in the 1st instance.
    another scenario is  if you are using mac filtering also on ACS , it should be preceeded by mac filtering and then ACS authentication , as above as far as  ssequence goes hence the same logic applies here.
    Thanks

  • ACS - SSID - MAC-Filter separation

    Hello,
    I’m trying to setup following environment:
    WLC 5508 (OS 7.5)
    Up to 60 Access Points 1602I
    Two SSID’s are required
    WPA/WPA2 Authentication is required
    MAC-Filter should also be used
    I’ve done the following configuration:
    LAN Enviroment works
    WLC Setup works also with all Access Points
    SSID with WPA/WPA2 Authentication work
    Clients can connect to each SSID
    For the MAC Filter Setup I’m going to use an ACS 5.4 and an Active Directory. The ACS has successfully joined the Active Directory and at the active Directory I’ve create to groups:
    CN=SSID1,OU=Authentication,DC=global,DC=lan
    CN=SSID2,OU=Authentication,DC=global,DC=lan
    These two groups I’ve selected after I joined the Active Directoy. I used the Active Directory (AD1) as an Identity group, which is used by a Network Access based Access Service. In my second step, I configured the WLC to use Radius authentication for MAC-Filter and everything works.
    But now I’ve found my problem:
    The ACS Server like work top down and first rule matches:
    If a MAC is member of group SSID1 and the Client wants to join SSID 1 it works
    If a MAC is member of group SSID2 and the Client wants to join SSID 1 it works, too. Because the rules are checkt top down first match. And the ACS will find the MAC in group SSID.
    Is it possible to check at the ACS which SSID send the MAC-Filter request? or
    Is it possible to get the ssid value from the Active Directory to use this value in my policies?
    I would like to restrict the MACs from group SSID1 to SSID 1 and the MACs from group SSID to SSID 2.
    Thanks and kind regards
    Kai

    Hello,
    I hope this will help you. The username and password will be the MAC-Address of your client wirelss device, e.g.
    Username:  aabbccddeeff
    Password:  aabbccddeeff
    You've to check, in which kind you have to send the MAC Address (aa:bb:cc:dd:ee:ff, aabbcc-ddeeff, AA:BB:CC:DD:EE:FF, and so on)
    The attachments will show you a sample ACS Access Policy and the "caller-station-id" configuration and the configuration of a SSID from a Cico WLC 5508.

  • Can't use MAC Filter and have Blinking Red Link Light on WRE54G

    I just added a WRE54G V3 extender to my WRT54G V8,  I have download the most recent firmware on both products.  My network in using WPA and after fixing all the typo associated with setting all that up I still could not establish wireless connectivity.  I am/was using MAC Filters on the WRT54G and had added and triple checked the WRE54Gs Mac address,, but until I disabled the Mac Filter I could not connect to the network.  I would like to get that issue resolved.  Secondly even with the MAC Filter disabled the Link Light blinks red at a regular interval.  It does appear that I have connectivity, but the light just blinks away.  If this is normal I could not find any reference is the written materal.  Thanks for any advice you might have.
    Message Edited by ecanon on 04-16-2008 01:31 PM

    Sorry to appear toltake so long to get back to this, but I did post a message in reply somewhere ????, but it doesnt appear here??? and then I got tied up on some personal stuff.
    Anyway, I followed all the advice I could find on this thread (thanks to everyone who has posted to any question on this thread) and after starting completely over reseting everything and basically configuring the RE with everything else turned off and then powering up everything starting with the router, I got everything up and running using WAP and all.
    The only issue left is when I enable MAC filtering on the router to allow only the MAC addresses in the list access to the network the RE goes belly up.  Disable Mac filtering and it comes right back up.  I have triple checked the Mac address I entered on the list.  The only reference to the RE's MAC address is on the sticker on the back.  I can't find that verified anywhere in the configuration screens on the RE.
    If I could get his working I could count my security as good as it gets and go on about my business.
    Thanks again to all for helping me get this far.

Maybe you are looking for

  • What is the significance of super() in constructor?

    excuse me, my english is poor. public class App2 extends App1{ App2(String str){ //there is a crytic super() *****why?**** System.out.println(str); public static void main(String args[]){ App2 tt=new App2("hello"); class App1{ App1(){ System.out.prin

  • The Great GUI Builder Mystery

    I am trying to create a GUI Builder using Java. I have searched high and low, low and high, and I have not been able to figure out how to set the design time behaviour of a JavaBean (or any component for that matter). Theoretically (according to the

  • Duplicate Photo Gallery when restoring iPhone 5

    I back up my photos to my PC in to the My Pictures library.  When I try restoring this library to my new iPhone 5 it creates two copies of all the pictures in two different albums - "My Pictures" and "Photo Library".  Seems like a bug to me.  Thought

  • Need a good weather app.

    Evening, Ca anyone suggest a good stable weather app ? Nokia Lumia 520  iphone 6 Plus. Be happy !!

  • Can an external drive's file(s) be retrieved from my Mac?

    I have a corrupted Flash drive which contains a spreadsheet file which I worked on recently on the Mac, though I saved it straight back to the Flash drive (not the Mac's HD). Can I still retrieve this file from the Mac's memory somewhere? Where do ex