
Fat AP MAC address filtering: complete illustrated tutorial

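Network software, 2024-05-03
A router is a hardware device that connects two or more networks and acts as a gateway between them. It is a dedicated intelligent network device that reads the address in each packet and decides how to forward it; a router's main function is forwarding information.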

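This article describes how to configure MAC address filtering on a Cisco fat AP. It is fairly simple; recorded here for reference.
Approach
1. Create a MAC address access list; its number must be in the 700-799 range.
2. Bind it to the wireless interface with the dot11 association mac-list command.
Configuration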
configure terminal
access-list 701 permit 0026.5a0e.3123 0000.0000.0000
dot11 association mac-list 701
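This allows only the device with MAC 0026.5a0e.3123 to connect to the network; no other device can.
0000.0000.0000 is the 48-bit hardware address mask and should always be included.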

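configure terminal
access-list 701 deny 0026.5a0e.3123 0000.0000.0000
access-list 701 permit 0000.0000.0000 ffff.ffff.ffff
dot11 association mac-list 701
This denies the device with MAC 0026.5a0e.3123 access to the network; other devices can connect. The permit line with mask ffff.ffff.ffff is required for that, because an IOS access list ends with an implicit deny.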
Example
ap#show dot11 associations

802.11 Client Stations on Dot11Radio0:

SSID [CORPORATE] :

MAC Address IP address Device Name Parent State
0026.5a0e.3123 10.100.146.129 ccx-client – self Assoc // JUST ALLOW THIS
10a5.d0e0.7456 10.100.146.133 ccx-client – self Assoc

ap#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ap(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
<1100-1199> Extended 48-bit MAC address access list
<1300-1999> IP standard access list (expanded range)
<200-299> Protocol type-code access list
<2000-2699> IP extended access list (expanded range)
<700-799> 48-bit MAC address access list
dynamic-extended Extend the dynamic ACL absolute timer
rate-limit Simple rate-limit specific access list

ap(config)#access-list 701 ?
deny Specify packets to reject
permit Specify packets to forward

ap(config)#access-list 701 permit ?
H.H.H 48-bit hardware address

ap(config)#access-list 701 permit 0026.5a0e.3123 ?
H.H.H 48-bit hardware address mask
<cr>

ap(config)#access-list 701 permit 0026.5a0e.3123 0000.0000.0000
ap(config)#

ap(config)#dot11 association ?
mac-list filter client with a MAC address access list

ap(config)#dot11 association mac-list ?
<700-799> Ethernet address access list

ap(config)#dot11 association mac-list 701 // APPLY TO RADIO INTERFACE
ap(config)#
*Oct 28 09:49:01.194: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 10a5.d0e0.7456
*Oct 28 09:49:01.194: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station d025.988f.7789
*Oct 28 09:49:01.374: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Oct 28 09:49:01.403: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Oct 28 09:49:01.414: %DOT11-4-MAXRETRIES: Packet to client 10a5.d0e0.7456 reached max retries, removing the client
*Oct 28 10:12:04.141: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0026.5a0e.3123 Associated KEY_MGMT[NONE]

ap#show dot11 associations

802.11 Client Stations on Dot11Radio0:

SSID [CORPORATE] :

MAC Address IP address Device Name Parent State
0026.5a0e.3123 10.100.146.129 ccx-client – self Assoc
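
An added example (not from the original article and not Cisco code): a small Python evaluator for 700-799 MAC access lists that shows how address, mask and rule order decide which clients may associate. It assumes first-match evaluation with an implicit deny at the end, as in other IOS access lists, and a mask whose 1 bits are ignored; the function names and sample configurations are constructed for illustration.

```python
import re

def mac_to_int(mac: str) -> int:
    """Parse a MAC in Cisco dotted (HHHH.HHHH.HHHH), colon or dash form."""
    digits = re.sub(r"[.:\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

def parse_acl(config: str, number: int):
    """Return [(action, address, mask)] for 'access-list <number>' lines, in order."""
    if not 700 <= number <= 799:
        raise ValueError("48-bit MAC address access lists use numbers 700-799")
    entries = []
    for line in config.splitlines():
        parts = line.split()
        if (parts[:2] != ["access-list", str(number)] or len(parts) < 4
                or parts[2] not in ("permit", "deny")):
            continue
        # A missing mask is treated as an exact match (assumption of this sketch).
        mask = mac_to_int(parts[4]) if len(parts) > 4 else 0
        entries.append((parts[2], mac_to_int(parts[3]), mask))
    return entries

def evaluate(entries, mac: str) -> str:
    """First matching entry wins; mask bits set to 1 are ignored in the comparison."""
    value = mac_to_int(mac)
    for action, addr, mask in entries:
        if (value ^ addr) & ~mask & 0xFFFFFFFFFFFF == 0:
            return action
    return "deny"  # implicit deny at the end of the list (assumed IOS behaviour)

# Constructed sample input, using the MAC addresses from the session above.
ALLOW_ONE = "access-list 701 permit 0026.5a0e.3123 0000.0000.0000"
BLOCK_ONE = """\
access-list 701 deny 0026.5a0e.3123 0000.0000.0000
access-list 701 permit 0000.0000.0000 ffff.ffff.ffff
"""

if __name__ == "__main__":
    for name, cfg in (("allow-one", ALLOW_ONE), ("block-one", BLOCK_ONE)):
        acl = parse_acl(cfg, 701)
        for client in ("0026.5a0e.3123", "10a5.d0e0.7456", "d0:25:98:8f:77:89"):
            print(name, client, evaluate(acl, client))
```

Running a planned list through such a check before entering dot11 association mac-list helps avoid deauthenticating clients that were meant to stay connected.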

Appendix: web configuration method
Security > Advance Security > Association Access List > Define Filter.
Type the Filter Index (starts in ACL number 700 and ends 799) > type the MAC address in dotted hexadecimal format (HHHH.HHHH.HHHH) > under Action choose either Forward or Block > Add > Apply.
