MAC Address Filters on Autonomous Access Points Configuration Example

Document ID: 116582

Updated: Oct 24, 2013

Contributed by Salma Sulthana, Cisco TAC Engineer.

Download PDF

Background Information

Configure

Verify

Troubleshoot

Introduction

This document describes how to configure MAC address filters on Cisco standalone Access Points (APs) with the use of the CLI.

Prerequisites

Requirements

Cisco recommends that you have basic knowledge of these topics:

Configuration of a wireless connection with use of an Aironet AP and an Aironet 802.11 a/b/g Client Adapter
Authentication methods

Components Used

This document is not restricted to specific software and hardware versions.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Background Information

MAC address filters are powerful tools to control the forwarding of unicast and multicast packets. For instruction on how to configure a MAC address filter on the GUI, refer to the Configuring and Enabling MAC Address Filters section of the Cisco IOS Software Configuration Guide for Cisco Aironet Access Points, 12.3(2)JA.

Configure

Complete these steps in order to filter MAC-based ACLs with the CLI.

Log in to the AP through the CLI.
Use the console port or Telnet in order to access the ACL through the Ethernet interface or the wireless interface.
Enter this command in order to enter the global configuration mode on the AP CLI:
```
AP# configure terminal
```
Create a MAC address ACL 701:
```
access-list 701 deny 0811.967e.c384 0000.0000.0000
```
Note: This ACL denies all traffic to and from the client with MAC address 0811.967e.c384.

Enter these commands in order to apply this MAC-based ACL to the radio interface:

Config terminal
Interface Dot11radio 0 or Inter dot11radio 1
dot11 association mac-list 701
end

Verify

After you configure this filter on the AP, the client with this MAC address, which was previously associated to the AP, is disassociated. The AP console sends this message:

AccessPoint# *Aug 29 01:42:36.743: %DOT11-6-DISASSOC: Interface
         Dot11Radio0, Deauthenticating Station 0811.967e.c384

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Was this document helpful? Yes No

Open a Support Case Login Required (Requires a Cisco Service Contract.)

Related Cisco Support Community Discussions

The Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers.

Refer to Cisco Technical Tips Conventions for information on conventions used in this document.

Updated: Oct 24, 2013

Document ID: 116582

Wireless, LAN (WLAN)