Cisco Wireless :: WLC 7.3.0 / MAC Filtering And Web Authentication
Feb 9, 2013
There is a feature in WLC 7.3.0 like Configuring a Fallback Policy with MAC Filtering and Web Authentication .We have an option to configure mac filtering and we can create a policy that if mac filtering failes redirect it to web authentication
Here i am using mac filtering is only for my mac caching process. But when i tried this its not working.
My mac address is not there in the WLC, so it should prompt me the web authentication page.But its not happening. As long as my mac is not there in the table, i am not able to connect to the SSID.
So what is this feature (Configuring a Fallback Policy with MAC Filtering and Web Authentication) meant for ?
I have come across articles mentioning that URL Filtering can be implemented by using ASA 5505 with URL Filtering Servers. But Websense and other Web Filtering Servers are paid ones ? Are there any free solutions available ? What exactly is N2H2 ? The reason is I don 't want to increase the CPU utilization of ASA by implementing URL filtering within the device. If I have around 30 nodes which connects to the internet via a 2Mbps line through ASA 5505 and if I want to block around say 10 or 15 URLs , will it increase CU utilization beyond permissible limits ? Currently the CPU Utilization is around 10 - 15 . Here's the infrastructure setup .
I have two WAP 321 devices set up in our building they are on the same subnet with the same SSID and are using the WDS bridge mode. My question is, if i enable mac-address filtering on one of these devices will this infomation be passed to the other bridged device? or would the allow/deny list need to be populated manually on each device?
i am using two Cisco AP 4410N series in my network .Wants to use MAC address Filtering but it supports only 20Nos of MAC to add in the AP. Is there any way like IOS upgrade the AP supports more MAC Address to add.
I'm attempting to block about 10 to 15 users on the wireless by using MAC address filtering on the Aironet. I referenced the following link: URL,The policy does indeed work, but once I apply the filter all traffic on the wireless for that particular VLAN stops. Why would this happen? I wouldn't think I need to configure anything else for this to work, but maybe I'm wrong.I was looking over the config and I noticed that each time I added a MAC address to the filter, it would create and access-list 701 deny 0000.0000.0000 ffff.ffff.ffff Once I removed this access-list, traffic starting flowing again, but when I add another MAC address the access-list shows up again.
I was wondering if there was a way to import a large number of mac addresses into the MAC filtering of a Cisco WLC 4400. We recently purchased 150 new Mac laptops and I need to add them to the Mac filtering. I have 5 WLC's to do this to.I already have the MAC addresses and names in a spreadsheet.
Just got my new E4200 v2 router. Set up mac filtering for one device and after saving the change the router was refreshing and disconnected all my devices and could not log in to the router wired or wirelessly and had to do a factory reset. Have the latest firmware. Is this a defect in the router?
DIR600 doesn't allow me to enable wireless MAC filtering when I setup DIR600 as access point. (I connected DIR600 (access point) to my another room's router.)
Since I have this router E4200 my network undergoes changes alone. I have a MAC filtering as I had in my previous WNRL 160N and had no problems but here the overnight me are the 14 that I have enabled MAC, put another 3 that are not from where I changed the settings WiFi network, I've put in hidden, change encryption type and others and continues to happen randomly, and I added the router directly to the list of allowed MAC. I have remote management disabled in the Cisco Network Magic are not those MAC. not because it adds the MAC and I removed some that I have put the single.
we use wlc 4402 (Software Version 7.0.98.0) and want to allow only several wlan nic vendors to connect to a wlan ssid.According to this, is it possible to configure MAC Filtering with wildcards, e.g. aa:bb:cc:* ?
I have a number of 1552e APs connected to a 5508 WLC. We are using local MAC filtering to enable the 1552's to connect to the WLC.
I have a several more 5508's in different locations, and can be used for back-up in the event the primary WLC fails.I have the primary WLC, a secondary WLC and a tertiary WLC loaded into each the 1552's HA tab.
My question concerns the secondary and tertiary WLCs... do I have to load all the MAC addresses in each of those as well in order for the 1552's to connect? If yes, is there an easy way to copy the local mac filtering from the primary WLC and load it into the other WLCs ?
I am trying to filter a URL, facebook and it is not working. I have tried rebooting the router and it is still allowing access. I have provided the settings and ranges for PCs.
I see on the control panel that there is MAC filtering for the wireless connections. I don't see a similar control panel for computers that are wired directly to the router. Where do I find this?
Will Cisco be adding support for OpenDNS in the next firmware release? I have the e4200v2 and want to be able to specify times when I want the filtering to be off. After the kids go to bed. Netgear allows this with their nicely implemented OpenDNS in their routers. I am currently using OpenDNS with this router but don't like having to log in to remove the filtering and then adding it back on when I'm done surfing.
It shows this option "Filter wireless clients: Apply MAC Filtering to devices that connect to the network via Wi-Fi. This is the normal usage of MAC Filtering. Filter wired clients: "However I don't see that option on the actual page. How can i enable Mac address filtering only for the wireless side?
I have Cisco E4200v2, and after someone hacked my router's password, I was forced to activate a white listing MAC filtering. Problem is, that I would also like to enable a guest network so my small business's clients could still connect to the wifi, without having access to out home PC (and drinking our bandwidth).
Is it true that if someone wants to connect to the Guest network and macfiltering is on this is not possible. Which makes the guest network basicly useless.
I just want to allow specified computers wired access to the internet via the E1000 router. Here is the problem I am currently working on:
(1) Setup the E1000 unit to allow only one PC 'C1' (MAC: 91:E6:BA:25:91:58) wired access to the internet.
(2) Add another PC (unknown MAC address) to the LAN side of the E1000 unit and see if it is being blocked by the 'Access Restriction' policy that was setup.
(3) Can’t get the above done – the second PC is able to surf the internet although the policy is enabled.
Notes:(a) Ref: 'Access Restrictions' web page or see Page 26 in the User Guide .(b) The unit has the latest firmware already installed: Firmware Version: 2.1.01 build 5Dec 3, 2010.(c) The internet port of the unit goes to the ADSL modem in my house.(d) Unplugged the unit for 10 seconds as advised by one of your technicians, still no difference.(e) I can deny PCs, but the allowing only specified ones seems not to be doing anything.By the way, can the E3000 or E4200 do the above?
The browser-based settings utility for my E1200 can't setup MAC address filtering. I go to the "Wireless MAC Filter" page and enable MAC filtering.When I click the “wireless client list” button, a new window opens saying “IE cannot display the webpage”. This always happens when I have a wireless connection active.When there are no active connections, then IE properly displays the MAC address table, but it is empty since there aren't any computers connected to the router.
I've reset my router, reinstalled Cisco Connect and didn't configure anything on parental controls.However, when I navigate to the "Access Policy" menu all I see is parental controls. I don't see any of the more sophisticated filtering menus like "access blocking policy", etc. I've attached a screenshot.
Setting up Web Filtering on Cisco881 sec K9 router using CCP.
At the moment every user on the domain got blocked by the rule that i set up on the Web Filter (just using the wizard and choose default category). What i want is to separate users so that specific user can have full access while other user get filtered by the category.
I'm currently setting the MAC address filtering for my Linksys E2500 router. I have about 20 devices which i'm allowing to access my router, so i keyed in the MAC addresses into the config page and save setting. But only 16 addresses are registered, the rest refused to register no matter how many times i key in, it just reset back to 00:00:00:00:00:00 after i click on save setting.
We have a Cisco 4400 series WLAN controller.When I go to the clients and view who is connected; I can also filter it. However it only lets me filter by mac address, ap, wlan profile, etc.
It does not have IP filtering. Is there a way to filter using IP? Basically I want to find a particular client with a certain IP that's connected to our WLAN.Also how do we block the client? If we deemed that person should not get access.
I just upgraded to the Belkin N750 DB router from the version just below it and couldn't get the wireless card (Ralink RT2760) in my daughter's dual-boot WinXP/Ubuntu 10.04 to connect to the WPA security setting (WEP only) on the Ubuntu side. There is an updated driver, but it's way above my Linux skill set, so instead I just disabled security completely, and used the MAC Address filtering to add all of our household devices.This solved her connection problem, but I am wondering if there is any danger to this method that I might not have considered
Originally Posted by BelkinMAC Address FilteringThe MAC Address Filter is a powerful security feature that allows you to specify which computers are allowed on the network. Any computer attempting to access the network that is not specified in the filter list will be denied access. When you enable this feature, you must enter the MAC address of each client on your network to allow network access to each. To enable this feature, select "Enable MAC Address Filtering". Next, enter the MAC address of each computer on your network by clicking "Add" and entering the MAC address in the space provided. Click "Apply Changes" to save the settings. To delete a MAC address from the list, simply click "Delete" next to the MAC address you wish to delete. Click "Apply Changes" to save the settings.
I have a 2621 with a WIC-1ADSL that connects to my ISP. Since the 2621 has 2 ethernet ports, I wanted to setup a network on the second ethernet port for testing things such as VPN into my network via my ASA5505. I have a DHCP pool set on the particular network but cannot get a client to get an address from the router. I think I might have an ACL that is blocking or need an ACL to allow bootp on the interface. Here is the config:
Could URL FIltering be implemented on Cisco ASA 5505-BUN-k9?i mean to block certain websites, like facebook, youtube, to block certain download files like .exe, .com .bat etc....Is there any extra license needed for this, or it could be done with the simple IOS ASA5505-bun-k9?
I try to implement the url filtering feature on a cisco 2811 router and whenever i enable the parameter map patterns the router retuns (after some time)
%Unable to compile obj regex.[code] The result is that the router blocks ALL webpages without giving a block page message.
I have recently upgraded my company's network significantly, and in the process removed our Cisco edge routers and firewalls (gasp!), and replaced them with another vendor who gave a better price point for the router.However, i was only able to get ONE edge router, whereas before I had two, so I want to recycle one of my old 2921's as a cold standby (in case the brown sticky stuff hits the rotating air distribution blades, and $other-vendor router dies).Trouble is, the 2921 does not, I believe, have sufficient system resources to take the full routing table we're getting from our two ISP's.What I would like to ask is people's thoughts on the best method for me to configure the BGP setup on the 2921 to do the following:
-Accept the default route from each ISP and discard *everything* else in the route table -Modify our advertisement (ad prepend) out the "secondary" ISP to reduce the priority of traffic coming in over this link. -Configure the OUTBOUND priorities so that the "primary" link is used by preference for outgoing traffic (which will effectively shut down the secondary link for outbound traffic
I am trying to block clients based on MAC addresses connecting to our Wireless Guest network.
My scenario is: We have 2 interfaces (corporate and a guest). Users are connecting to our guest network after they have automatically connected to our corporate network and logged into Windows. When they realise that things are not quite working in the way they want (access to servers etc...), they reboot and then find they cannot logon to the laptop at all. This is because the laptop has automatically rejoined the guest network and has no access to AD. I then have to locally logon to the laptop and remove the guest network.
It’s starting to become a bit of a pain as we are an educational establishment and... well... you would wouldn’t you
Hardware: WLC5508, Software Version 7.3
So far I’ve tried enabling MAC Filtering under “Security -> AAA -> MAC Filtering”, but found out that it’s a white list. The opposite of what I’m trying to achieve, but I like the fact you can link it to a specific interface.
I’m just looking at the “Disabled Clients” again under “Security -> AAA ->”, but think this is more a total ban as I cannot see a method at attaching it to an individual interface. I'm kindda stuck and my good old friend Google is not yielding great results.
I’m not by any means a wireless expert, so there is probably a better method. I would prefer to use the controller as a way of achieving this, but if you think I’m wasting my time and should be looking at a Windows Group Policy method then I’ll go with that?
