MY80211.com

There can be countless reasons why you may want to block a wireless client from accessing the WLAN. One real world scenario happened a few months back where I was contacted by a customer who's enterprise was just hit with a virus. As they quarantined and identified infected hosts they could not account for 50+ wireless clients, which were infected and online.

As they cleaned infected machines, these machines became infected again due to these 50+ devices. They needed a way to disable them from the WLAN,  but didn't have time to locate the 50+ nor did they know their exact location.Here is how to disable clients blocking access to the WLAN.

NOTE: WHEN A CLIENT IS ON THE EXCLUSION LIST, THE WLC IGNORES PROBE REQUEST FROM THE CLIENT. SEE DEBUG BELOW

 

CONFIG CLIENT EXCLUSION

(Cisco Controller) >config exclusionlist ?              
add               Creates a local exclusion-list entry
delete           Deletes a local exclusion-list entry
description    Sets the description for an exclusion-list entry

(Cisco Controller) >config exclusionlist add 00:25:d3:8b:00:13

REMOVE CLIENT EXCLUSION (ALLOWS CLIENT ACCESS TO WLAN)

(Cisco Controller) >config exclusionlist delete 00:25:d3:8b:00:13

DEBUG CLIENT WHILE EXCLUDED

NOTE: THE WLC IS IGNORING THE CLIENTS PROBE REQUEST

(Cisco Controller) debug>client 00:25:d3:8b:00:13
Fri Jan  1 17:57:04 2010: 00:25:d3:8b:00:13 Ignoring probe request due to exclusion-listing of the mobile
Fri Jan  1 17:57:08 2010: 00:25:d3:8b:00:13 Ignoring probe request due to exclusion-listing of the mobile
Fri Jan  1 17:57:09 2010: 00:25:d3:8b:00:13 Ignoring probe request due to exclusion-listing of the mobile
Fri Jan  1 17:57:12 2010: 00:25:d3:8b:00:13 Ignoring probe request due to exclusion-listing of the mobile
Fri Jan  1 17:57:13 2010: 00:25:d3:8b:00:13 Ignoring probe request due to exclusion-listing of the mobile
Fri Jan  1 17:57:17 2010: 00:25:d3:8b:00:13 Ignoring probe request due to exclusion-listing of the mobile
Fri Jan  1 17:57:21 2010: 00:25:d3:8b:00:13 Ignoring probe request due to exclusion-listing of the mobile
Fri Jan  1 17:57:22 2010: 00:25:d3:8b:00:13 Ignoring probe request due to exclusion-listing of the mobile
Fri Jan  1 17:57:25 2010: 00:25:d3:8b:00:13 Ignoring probe request due to exclusion-listing of the mobile
Fri Jan  1 17:57:26 2010: 00:25:d3:8b:00:13 Ignoring probe request due to exclusion-listing of the mobile
Fri Jan  1 17:57:27 2010: 00:25:d3:8b:00:13 Ignoring probe request due to exclusion-listing of the mobile
Fri Jan  1 17:57:29 2010: 00:25:d3:8b:00:13 Ignoring probe request due to exclusion-listing of the mobile
Fri Jan  1 17:57:29 2010: 00:25:d3:8b:00:13 Association request(2): Exclusion-listed!!