Configure MAC Filtering
© 2012 Meru Networks, Inc. Configuring Security 143
To import a list of MAC addresses to deny, create a text file listing all the MAC
addresses, and import the text file. When creating the text file to be imported,
include only one MAC address per line, in hexadecimal format (xx:xx:xx:xx:xx:xx). For
example, the contents of a text file to be imported might look like the following:
00:04:23:87:89:71
00:06:25:a7:e9:11
00:07:e9:15:69:40
00:0c:30:be:f8:19
00:0c:e6:09:46:64
00:0c:e6:12:07:41
After creating a text file for import, transfer the file to the controller’s /images
directory using the CLI copy command. Use the dir command to verify that the file has
been copied. Then, import the file.
The following example imports a text file named denyacl, adding its MAC
addresses to the deny ACL list:
controller(config)# access-list deny import denyacl
00:04:23:87:89:71
00:06:25:a7:e9:11
00:07:e9:15:69:40
00:0c:30:be:f8:19
00:0c:e6:09:46:64
00:0c:e6:12:07:41
Successfully Added : 6
Duplicate Entries : 0
Invalid Format : 0
Entries Processed : 6
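
A file can be checked on the administrator's workstation before it is copied to the controller. The following is an added example, not part of the Meru documentation or software: it sorts each line into the same categories the import summary reports and flags two common problems (addresses exported in dash or dotted notation, and group addresses that can never be a station's own MAC). The function names, the case-insensitive duplicate check and the skipping of blank lines are assumptions; the page does not state how the controller treats those cases.

```python
import re
# Format the page requires: six colon-separated hexadecimal octets, one per line.
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")

def suggest_fix(entry):
    """Return the colon-separated form of a dash/dot/bare-hex MAC, else None."""
    digits = re.sub(r"[-.:\s]", "", entry)
    if re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).lower()
    return None

def precheck_deny_list(text):
    """Sort the lines of a deny-list file into the import summary's categories."""
    seen = set()
    result = {"accepted": [], "duplicates": [], "invalid": [], "group_bit": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue  # assumption: blank lines are not counted as entries
        if not MAC_RE.fullmatch(entry):
            result["invalid"].append((lineno, entry, suggest_fix(entry)))
            continue
        mac = entry.lower()  # assumption: duplicates are compared case-insensitively
        if mac in seen:
            result["duplicates"].append((lineno, mac))
            continue
        seen.add(mac)
        result["accepted"].append(mac)
        # A set low bit in the first octet marks a group (multicast/broadcast)
        # address, which is never a station's own address: likely a typo.
        if int(mac[:2], 16) & 1:
            result["group_bit"].append((lineno, mac))
    result["processed"] = sum(len(result[k]) for k in ("accepted", "duplicates", "invalid"))
    return result

# Constructed sample file: addresses from the example above plus faulty lines.
SAMPLE = """00:04:23:87:89:71
00:06:25:A7:E9:11
00-07-e9-15-69-40
00:06:25:a7:e9:11
000c.30be.f819
00:0c:e6:09:46
01:00:5e:00:00:fb
"""

if __name__ == "__main__":
    for lineno, entry, fix in precheck_deny_list(SAMPLE)["invalid"]:
        print(f"line {lineno}: invalid {entry!r}" + (f", did you mean {fix}?" if fix else ""))
```

Compare the counts from the pre-check with the Successfully Added, Duplicate Entries and Invalid Format lines the controller prints after the import; a mismatch means an entry was not handled as expected.
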
Configure a Remote RADIUS Server for MAC Filtering
When RADIUS server MAC filtering is enabled, station MAC addresses are set up and
managed by a remote RADIUS server. When a new station attempts to join the WLAN,
the controller queries the RADIUS server with the MAC address to determine whether
the client is permitted. If the RADIUS server does not respond, or responds that the
client is not authorized, the client is blocked from entering the WLAN.
To configure the RADIUS server with the CLI, use the radius-profile command and
its submode, where you specify the configuration profile for the primary (and
optional secondary) RADIUS server. The profile includes the IP address, secret key,
port, and the delimiter used between MAC addresses in its authorization table.
The following command configures and enables the primary RADIUS server named in
the profile main-auth:
controller(config)# access-list radius-profile primary main-auth
controller(config)#