WLC - How to block a single client MAC address?

Hi Sir,
On a WLC (software version 4.1.185.0), how to block a single client MAC address?
I thought of using the SECURITY -> Disabled Clients. Is it right?
There are currently 250 users connected to the WLC. MAC Filtering is not a scalable solution because as I understand it, we have to specify all the legitimate MAC addresses in the local database.
Thank you.
B.Rgds,
Lim TS

Hi Lim,
As you have discovered, the MAC filtering on the WLC is an Allow (based on MAC address) rather than what you need, which is a Deny (based on MAC address). I have not tried this feature but I think you are on the right track in using the Exclusion List (Blacklist) feature. Have a look:
Use SECURITY > AAA > Disabled Client then click New or MONITOR > Clients then click Disable to navigate to this page.
This page allows you to manually Exclusion List (blacklist) a client by MAC address.
Add the MAC Address and an optional Client Description for the client to be disabled.
Note: When you enter a client MAC address to be disabled, the Operating System checks that the MAC address is not one of the known Local Net clients (Local Net Users), Authorized clients (MAC Filtering), or Local Management users (Local Management Users) MAC addresses. If the entered MAC address is on one of these three lists, the Operating System does not allow the MAC address to be manually disabled.
Hope this helps! Let us know.
Rob

Similar Messages

  • HT4061 My Gateway PC is locked up after iTunes update. I restarted the computer for the changes to take effect. Now my PC is locked up. It gives me a client MAC address and no boot file name received. What happened, and how do I get my PC back?

    Gateway PC locked up after iTunes update. It says client MAC address 001320 be ad 25. PXE-E53: No boot file name received.
    PXE-M0F: Exiting Broadcom PXE ROM. How do I unlock my PC?


  • HT4061 I downloaded an iTunes update on my HP PC and restarted the computer for the changes to take effect. Now my PC is locked up. It gives me a client MAC address and no boot file name received. What happened, and how do I get my PC back?

    I downloaded an iTunes update and when I restarted my PC it locked up. It says client MAC address 001320bead25, PXE-E53: No boot file name received. PXE-M0F: Exiting Broadcom PXE ROM. How do I get my PC back!

    When you installed iTunes on your work computer, then connected your iPad to that computer, it wiped what was on the iPad, then put the iTunes library (nothing) from the work computer onto the iPad. You can try copying the iTunes folder from your home computer over to your work computer, but since the apps were bought with a different account, they may not load or update properly.

  • How BW works on single client?

    Hi
    How BW works on single client?
    Please let me know.
    Thanks & Best Regards,
    Venkat.

    For technical reasons (number ranges for dimensions and master data IDs) a BW system is run in exactly one client.
    for more info visit :
    http://help.sap.com/saphelp_nw04/helpdata/en/a9/bb963a570b4b5de10000000a114084/content.htm

  • Cisco WLC Client MAC address backup to new Controller & ISE

    Hi All,
    We have an existing 4400 controller with MAC filtering for clients configured. Right Now, we are migrating to 5500 WLC and ISE setup.
    We want to use MAC filtering due to company policies on the new Controller as well as ISE.
    Is there a way (from GUI/CLI) that we can export the client MAC Addresses into an Excel file from existing WLC to new WLC & ISE?
    Thanks,
    CJ

    On the CLI issue a show macfilter summary and then import that into excel or a text editor.

  • Blocking Client MAC Addresses at Sup720/WLSM?

    I want to block client MAC addresses at the central 6500, where the WLSM is located. Is there any solution like "dot11 association mac-list" at the access points? I tried an "access-expression" on the tunnel interface, but it did not work. Any suggestions?

    Here is an example of config
    Switch(config)# mac access-list extended ARP_Packet
    Switch(config-ext-nacl)# permit host 0000.861f.3745 host 0006.5bd8.8c2f 0x806 0x0
    Switch(config-ext-nacl)# end
    Issue the vlan access-map map_name command and the action drop command, which is the action to perform.
    The vlan access-map map_name command uses the MAC access list that you created to block ARP traffic from the hosts.
    Switch(config)# vlan access-map block_arp 10
    Switch(config-access-map)# action drop
    Switch(config-access-map)# match mac address ARP_Packet
    Add an additional line to the same VLAN access map to forward the rest of the traffic.
    Switch(config)# vlan access-map block_arp 20
    Switch(config-access-map)# action forward
    Choose a VLAN access map and apply it to a VLAN interface.
    Issue the vlan filter vlan_access_map_name vlan-list vlan_number command.
    Switch(config)# vlan filter block_arp vlan-list 2

  • How to specify in the ISE mac-address with its description?

    Hello :-)
    I want to implement ISE 1.2.
    We have a database of mac-addresses and their description (for example the phone with the Mac address, John).
    When connecting the phone John to a wifi network, WLC checks its mac-address in the database and allows access.
    How to specify in the ISE Mac address with its description?
    In the endpoint settings in ISE 1.2 there is no description field. We have ISE1.2.1.198, vWLC 8.0.100, AIR-LAP1131, MS AD (Win2003).
    How can I handle this situation? Any ideas?

    This link http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_network_devices.html is about managing network devices (router, switch), not endpoints (phone, notebook).

  • How can I get the client IP address correctly?

    Hi,
    I am having a problem with getting the client ip address correctly using jsp. I am currently using the method request.getRemoteAddr() (JSP)to get the remote client IP. This method works fine with intranet addresses.
    However, when I am using a dial-up connection through an ISP (internet service provider), it could not detect the actual IP that is assigned to my client PC, but instead got another IP address.
    Could anyone advise me on that? And could anyone advise me on how to obtain the correct client ip address correctly using any of the java technologies?
    Thanks,
    Damien

    > > I don't believe so. You can't establish a connection over the internet using a private IP. As far as I know most, if not all routers, block them so it won't even move over the backbone.
    > Well with port-mapping it is definitely possible to allow an external ip to "connect" to an internal ip, i have done this very thing myself...
    Not the same.
    You are addressing the external server with a public IP address. That is then translated into the internal connection.
    That is not the same as using a private IP on the internet.
    As I said, the backbone will not let a private IP through.
    > > Yes, but my point is that at any given time, in the world, many boxes might have one address. Even if it is a private IP is it still that IP for a particular box. So if you use java to get its IP that is the IP that it gets. And that IP is useless for anything unless that IP is meaningful for the other computer.
    > But all ips must be unique in a designated "internet" be it an "intranet" or whatever, there cannot be a situation where two identical ips in the same "internet", such that an ip that is achieved from a page-hit is valid and meaningful in order to send the data it is requesting back to it, or find out more about that computer, or log and report it if it is doing something illegal; i don't think it's that meaningless is it?
    Yes it is. You can't use an IP to uniquely identify a box, and that is the sole criteria, when there might be two boxes with the same IP.
    When you use java on a client box to get the IP of the box, it doesn't necessarily return an IP that is meaningful to anyone outside the lan on which the box lives.
    Because of this internet systems must do one of the following:
    - Do not use the IP as an identifier.
    - Require that the client has a public IP. This is often static. At least some security systems use this to validate users.

  • How can i use my ipod mac address to find it?

    simply put, i left my ipod at work. they misplaced it, now i need to locate it... p.s. its only a 3rd gen 32 gig so its not ios 7 compatible, icloud only works if you have the device and download cloud on to it (and icloud is turned on)... not looking for opinions just looking for options such as: how can i use my ipod mac address to find it? i do have the mac address

    You cannot.
    If you did not set up find my pod on the iPod itself, then it cannot be tracked.
    Sorry

  • How to set the IP and MAC address in C program?

    My working environment is Sun250 Server, Solaris 7 operating system. I encountered a problem ---- How to set the IP and MAC address in C program to make the system change its IP & MAC at runtime?
    Any idea is welcome! Thanks!

    Hi
    As a simplest possible solution, you can use the system command
    to run ifconfig that can set both the mac address and the IP address of the system. You will have to use setuid though.
    Or you can use the DLPI calls ( do a man DLPI or search for a
    Sun documentation on the same at http://soldc.sun.com) to write
    a pure C program.
    HTH
    Shridhar

  • WRT54GL V 1.1 : how to reserve IP for specific MAC address using DHCP

    My !free! made in China router has this functionality. And yet I have been banging my head with this new reasonably expensive wireless router from Linksys. Anyway I lug my notebook around. I need my home router to be able to automatically configure notebook IP address using DHCP. At the same time I need the ip given by home router through DHCP to be the same IP all the time. So "static" ip is not the solution. Alternative "static" ip is also not a solution. Anything with the word "static" in it is not a solution. I know about third party firmware (wrt or tomato) and I know WRT54GL can be flashed with this third party firmware. But I'm not going to void my warranty. This will be my last option but not the solution that I seek. I would like to know how to reserve ip for specific mac address using DHCP for WRT54GL V1.1. If this version has no way to make such configuration, I would like to know if there is official firmware upgrade that addresses this. Thanks in advance!

    LDK-Anc wrote:
    Tonik - For the life of me, I cannot find DHCP Reservation on the WRT300N. I'm currently configuring one and it would be really useful if I could find it. Maybe LinkSys calls it something else, but I don't really see anything resembling it. Help!
    Maybe these could help. (Images extracted from the User Guide)
    Setup tab: Basic Setup
    DHCP Reservation

  • How to block a single table for a single user

    Hi all.
    I want to block a single Z table for a single user. How to do this?  If he/she tries to display data using SE16 or SE11 Tcode he/she should get an error message.
    Regards,
    Prajwal K.

    Hi Prajwal,
    We can use the function modules ENQUEUE_E_TABLE for locking tables and the function module DEQUEUE_E_TABLE for unlocking tables. With this method, we don't need to lock objects in order to lock the tables. In other words, any table can be locked/unlocked using these function modules.
    Check this sample code:
    " Locking Table
    data:
      varkey like rstable-varkey.
    varkey = sy-mandt.
    " locking the tables
    call function 'ENQUEUE_E_TABLE'
      exporting
        MODE_RSTABLE = 'E'
        tabname = 'MARA'
        varkey = varkey
        X_TABNAME = ' '
        X_VARKEY = ' '
        _SCOPE = '2'
        _WAIT = ' '
        _COLLECT = 'X'
      exceptions
        foreign_lock = 1
        system_failure = 2
        others = 3.
    Hope this helps you.
    Regards,
    Chandra Sekhar

  • How to block a single port 1841

    Hi,
    I need to block a single port on my wan side fa0/1 .. my telnet port 23 as it is open and I'm not going to use it and want to close it?
    thank you

    This example shows how to allow telnet from an internal network, ssh from any but deny anyone else while logging all activity:
    ip access-list extended TerminalAccess
     permit tcp host 10.0.0.2 any eq telnet log
     permit tcp any any eq 22 log
     deny tcp any any log
    line vty 0 4
     access-class TerminalAccess in
    You could also use the line "transport input none"
    The best option is to have some secure means to remotely manage the device.

  • Blocking of complete Vendor MAC Address

    Hi All,
    is it possible to Block or Disable a complete Vendor MAC - like Apple 7c:6d:62:x:x:x - using Wildcards on a Wireless LAN Controller? Background is that the Customer's IT-Department is only allowing the use of one Vendor, so every MAC Address of another Vendor is rogue. If Blocking is not possible on WLC, can I do this on ACS?
    Thx in adv, Michael

    Hi
    if you create a NAR entry on ACS, you can use callerID information (DNIS) which will have the mac address.
    then on ACS, it will support wildcards for all or part of each of the attributes:
    http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/c.html#wp697209
    so, it should be possible to be done on WLC, if you move the validation into ACS itself.
    Regards
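
The vendor-prefix matching discussed in this thread, as an added Python example that is not part of the original posts: it normalizes client MACs written in mixed notations and sorts them by whether their OUI is on an allow-list. The allowed OUI and the sample client list are constructed assumptions; addresses with the locally administered bit set are reported separately, because their first three octets do not identify a vendor.

```python
import re

# Assumption: the one permitted vendor prefix (OUI). Constructed placeholder value.
ALLOWED_OUIS = {"001122"}

MAC_RE = re.compile(
    r"[0-9a-f]{2}([:-][0-9a-f]{2}){5}"   # 7c:6d:62:aa:bb:cc or 7c-6d-62-aa-bb-cc
    r"|[0-9a-f]{4}(\.[0-9a-f]{4}){2}"    # Cisco dotted notation: 7c6d.62aa.bbcc
    r"|[0-9a-f]{12}"                     # bare hex
)

def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if raw is not a MAC address."""
    s = raw.strip().lower()
    if not MAC_RE.fullmatch(s):
        return None
    return re.sub(r"[^0-9a-f]", "", s)

def classify(raw, allowed=ALLOWED_OUIS):
    """Label one client address against the vendor allow-list."""
    mac = normalize_mac(raw)
    if mac is None:
        return "invalid"
    first_octet = int(mac[:2], 16)
    if first_octet & 0x01:
        return "multicast"       # group address, not a valid client source
    if first_octet & 0x02:
        return "randomized"      # locally administered: prefix is not a vendor OUI
    return "allowed" if mac[:6] in allowed else "foreign-vendor"

def audit(macs, allowed=ALLOWED_OUIS):
    """Group the raw address strings by classification."""
    report = {}
    for raw in macs:
        report.setdefault(classify(raw, allowed), []).append(raw)
    return report

# Constructed sample input, not taken from a real controller.
SAMPLE_CLIENTS = [
    "0011.2233.4455", "00-11-22-AA-BB-CC", "7c:6d:62:01:02:03",
    "da:a1:19:00:00:01", "01:00:5e:00:00:fb", "not-a-mac",
]

if __name__ == "__main__":
    for label, addrs in audit(SAMPLE_CLIENTS).items():
        print(label, addrs)
```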

  • How to view logs of disabled MAC addresses?

    I have a Wireless LAN Controller 4402 and WCS 7.0, and I have a few MAC addresses that are "disabled" due to policy violations. How can I view a log or a report that will show me if these MAC addresses are still attempting to connect?

    if the client is excluded.. then the client will not be able to connect at all... if you want to see the Logs.. i guess we see that on the TRAP logs, if not then we need to run the debug..
    lemme know if this answered your question..
    Regards
    Surendra
