Support User Manuals

Cisco Systems OL-7426-03 Network Router User Manual

Open as PDF

of 276

5/26/05 Local MAC Filter

OL-7426-03

• If necessary, use the following command:

>config wlan mac-filtering enable <WLAN id>

where <WLAN id> = 1 through 16.

• Use the show wlan command to verify that you have MAC filtering enabled or disabled for each

WLAN.

Local MAC FilterLocal MAC Filter

Cisco Wireless LAN Controllers have built-in MAC filtering capability, similar to that provided by a

RADIUS authorization server.

• Use the show macfilter command to verify that you have MAC addresses assigned to WLANs.

• If required, use the following commands to assign local MAC addresses to WLANs, and to

configure a WLAN to filter a local client:

>config macfilter add <MAC addr> <WLAN id>

>config macfilter wlan-id <MAC addr> <WLAN id>

where <MAC addr> = client MAC address and <WLAN id> = 1 through 16.

• Use the show macfilter command to verify that you have MAC addresses assigned to WLANs.

Disable TimeoutDisable Timeout

Each WLAN can have a variable timeout for excluded, or disabled clients. Clients who fail to authenti-

cate three times when attempting to associate are automatically excluded, or disabled, from further

association attempts. After the exclusion timeout period expires, the client is allowed to retry authenti-

cation until it associates or fails authentication and is excluded again.

• Use the show wlan command to check the current WLAN Disable (Excluded) Timeout.

• If necessary, use the following command to change the Disable (Excluded) Timeout:

>config wlan blacklist <WLAN id> <timeout>

where <WLAN id> = 1 through 16, and <timeout> = 1 to 65535 seconds, 0 to add to the

Exclusion List (formerly blacklist) permanently until the operator manually removes the

exclusion.

• Use the show wlan command to verify the current WLAN Disable (Excluded) Timeout.

VLANsVLANs

• Use the show wlan command to verify VLAN assignment status.

• To assign a VLAN to a WLAN, use the following command:

>config wlan vlan <wlan id> [<default>/<untagged>/<VLAN ID> <IP Address>

<VLAN Netmask> <VLAN Gateway>]

where <WLAN id> = 1 through 16, <default> = use the VLAN configured on the network port,

<untagged> = use VLAN 0, <VLAN id> = 1 through 4095, <IP Address> = the VLAN IP

Address on the Cisco Wireless LAN Controller, <VLAN Netmask> = VLAN local IP netmask, and

<VLAN Gateway> = VLAN local IP gateway.

Note: WLANs are created in disabled mode; leave them disabled until you have

finished configuring them.

previous next