Wireless Access

MAC based authentication is working fine for wireless users. when the clients are connected to the desired SSID on which mac-aaa profile is set, it ask username & password for authentication. Working fine for wireless users whom mac address are configured in the internal database!!!!

Now... I have configured the same MAC-aaa profile to the controller port 1/4 and make the port untrusted and in the internal database i have added the mac address of client lan card. Now the client is wiredly connected to the controller port 1/4 and recveing a ip address of 192.168.3.0 network through DHCP enabled and authenticated and able to browse the websites.

Now i have deleted the mac address of client lan card from the internal database and apply/save config, but it still able to browse the internet. Whats the problem here ? hows it possible ?

Kindly help me in this regard.

because it's still got the auth role in the user-db

(via gui) fast method: find the mac in your clients - and do blacklist and then unblacklist - and then u will see that it will have untrusted (no internet) role.

2nd method: (via cli)

3600) #aaa user delete ?
A.B.C.D                 Match IP address
all                     Delete all users
ap-ip-addr              Match AP IP address
ap-name                 Match AP name
mac                     Match MAC address
name                    Match user name
role                    Match role name

Thaks sir,.

I have verify all the config and follow your guidlines... its fine now/..

Thumbs up.... :)