Ciso LWAPP/WCS - Monitor mode AP question

M

Magik Smoke

Limp Gawd
Joined
Jun 11, 2004
Messages
495
We've got two controllers that are part of the same mobility group and on the same VLANs.

Will one monitor mode AP do MAC checking for both the controllers?
 
I don't think you need to setup a monitor AP for MAC authentication, I am pretty sure the controller will handle this for you:

Configuring MAC Filtering for Wireless LANs
When you use MAC filtering for client or administrator authorization, you need to enable it at the wireless LAN level first. If you plan to use local MAC address filtering for any wireless LAN, use the commands in this section to configure MAC filtering for a wireless LAN.

Enabling MAC Filtering
Use these commands to enable MAC filtering on a wireless LAN:

•Enter config wlan mac-filtering enable wlan-id to enable MAC filtering.

•Enter show wlan to verify that you have MAC filtering enabled for the wireless LAN.

When you enable MAC filtering, only the MAC addresses that you add to the wireless LAN are allowed to join the wireless LAN. MAC addresses that have not been added are not allowed to join the wireless LAN.

Creating a Local MAC Filter
Cisco Wireless LAN Controllers have built-in MAC filtering capability, similar to that provided by a RADIUS authorization server.

Use these commands to add MAC addresses to a wireless LAN MAC filter:

•Enter show macfilter to view MAC addresses assigned to wireless LANs.

•Enter config macfilter add mac-addr wlan-id to assign a MAC address to a wireless LAN MAC filter.

•Enter show macfilter to verify that MAC addresses are assigned to the wireless LAN.
Click to expand...
 
I'm not thinking about mac authentication...

Monitor mode APs use MAC caching during the rogue detection process. It gives you accurate info on which rogues are internal and which are external.

(Kinda like when the old WDS APs would allow you to roam without re-authenticating)

I'm just wondering if that mac cache is shared across the mobility group or not.
 
ahhhh, gotcha. I was wondering why you wanted to use a monitor AP for mac authentication . . . . :rolleyes:

anyhoo, you should be fine with the one AP for mac-caching. I have only setup one dual WLC setup and we used about six APs in dedicated monitor mode for rogue detection and suppression. They were wanting to quash the teacher's WRTs that were all over the damn school district. :D
 
You must log in or register to reply here.
Back
Top