04-17-2014 08:48 AM
You could blacklist the device or use the UDR and match the mac address of the device to be place in a DENY ROLE
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
04-17-2014 08:48 AM - edited 04-17-2014 08:53 AM
You can blacklist the client which will prevent them from fully associating. On each local controller:
stm add-blacklist-client <mac-addr>
Also, if you want to permantently block the clients (by default, the blacklist ages out), you'll need to run the following command:
(config) #ap ap-blacklist-time 0
04-17-2014 11:59 PM
Not sure if the specific diveice which you want to block is wired or wireless. If it is wireless, you can just simple black-list as per prevous comments. if we are talking about any wired deivce that you dont want to access the wireless network.
i would recomment to just put the ACL on the controller uplink to drop the traffic from the device to WLAN on the controller.
Say for example by this way..
ip access-list session "block device"
any host <ip address of the device> any deny
any any any permit
Map this policy to controller uplink to drop the traffic. Make sure you add any any any permit is added to the below policy.