cannot be configured for Guest LANs.
Authentication and Switching—MAC authentication takes priority over MAC
filtering if an external RADIUS is configured for the WLAN.
Authentication and Switching—MAC authentication does not work if MAC filtering
is not supported on local authentication.
Interface mapping and profile precedence—MAC filtering for the WLAN
set to any WLAN/Interface requires a mandatory profile name, followed by the
interface name for the traffic to work properly.
Information About MAC Filtering of WLANs
When you use MAC filtering for client or administrator authorization, you need to enable it at the WLAN level first. If you plan to use local MAC address filtering for any WLAN, use the commands in this section to configure MAC filtering for a WLAN.
Enabling MAC Filtering
Use these commands to enable
MAC filtering on a WLAN:
Enable MAC filtering by
config wlan mac-filtering enablewlan_id
Verify that you have MAC
filtering enabled for the WLAN by entering the
show wlan command.
When you enable MAC
filtering, only the MAC addresses that you add to the WLAN are allowed to join
the WLAN. MAC addresses that have not been added are not allowed to join the
When a client tries to associate to a WLAN for the first time, the
client gets authenticated with its MAC address from AAA server. If the
authentication is successful, the client gets an IP address from DHCP server,
and then the client is connected to the WLAN.
When the client roams or sends association request to the same AP or
different AP and is still connected to WLAN, the client is not authenticated
again to AAA server.
If the client is not connected to WLAN, then the client has to get
authenticated from the AAA server.