Just another brief note - cisco hardware has a "communicate with other cisco ONLY" mode - if your other devices are NOT cisco, they're not going to make it through. Make sure this is turned off unless your whole net is and will always be cisco (talk about obscure security).
My philosophy is start of by turning off ALL security (wide open) - then get the wireless working - then one at a time turn on as many security features as you feel comfortable with - check the link in between each change including re-authenticating - then add more security. This way when something breaks, you know exactly what is doing it. If you mix brands (cisco/linksys/etc) then do the test with all brands represented. Re-authenticate each brand after turning on each security feature. There are incompatibilities out there. Murphy's law states you'll find the most obscure one last. I even had a perfectly working network DIE when a new cisco bridge was added (ALL cisco h/w) - turned out it was the firmware revision. I first grabbed another cisco box off the shelf which had old firmware and things worked again. Revised the f/w in the "new" box and it worked too! Naturally this was not documented ANYWHERE. Everett > > Tony, > > Did you remember to 'enable' the filter as well? > It is under [Advanced] in the AP Radio row of the Network Ports section at the > bottom of the Setup > page. > > http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/air/ap3xx/SetAdvPC4800.shm.htm > > Your problem sounds much like the filter is not being used, and all MACs are being > allowed. Be > careful not to lock yourself out of the AP, eh? > > I am sure you are also paying good cash for TAC support - usee them, they are good. > > Cheers! > --- [EMAIL PROTECTED] wrote: > > > > > > This should be very easy, but it seems I'm having a hard time with it. > > > > I'm try to get three 340s and one 350 to deny any MAC addy not in their list. > > They are using open authentication (no WEP), and the lists contain up to date > > MAC address of my users. The firmware is 12.03T on all units (just upgraded > > them yesterday). I've also disallowed the default unicast adress filter in the > > AP Radio/Advanced page (for Open/Shared/EAP). > > > > My wireless MAC isn't added in, but can still associate with the APs, ping > > various place on my network and in the internet etc. In the AP's logs I see the > > following: > > > > 2003/09/18 15:44:15 Info Station [10.40.8.143]00022d0e1fbd roamed > > 2003/09/18 15:43:52 Info Station [10.40.8.143]00022d0e1fbd Associated > > 2003/09/18 15:43:52 Info Station [10.40.8.143]00022d0e1fbd > > Authenticated > > 2003/09/18 15:42:34 Info Station [10.40.8.143]00022d0e1fbd roamed > > 2003/09/18 15:41:44 Info Station [10.40.8.143]00022d0e1fbd > > Reassociated > > 2003/09/18 15:41:44 Info Station [10.40.8.143]00022d0e1fbd > > Authenticated > > 2003/09/18 15:41:44 Info Deauthenticating > > [10.40.8.143]00022d0e1fbd, reason > > "Must Authenticate Before Associating" > > > > I have to auth before I assoc, but I auth right through without a problem. > > > > I've read the documentation from Cisco on this portion at least half a dozen > > times in the last two days. I'm sure we paid some nice cash for these things, > > but I'm starting to feel like we should have got a few Linksys or something. > > What am I missing? > > -- > > general wireless list, a bawug thing <http://www.bawug.org/> > > [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless > > > __________________________________ > Do you Yahoo!? > Yahoo! SiteBuilder - Free, easy-to-use web site design software > http://sitebuilder.yahoo.com > -- > general wireless list, a bawug thing <http://www.bawug.org/> > [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless -- general wireless list, a bawug thing <http://www.bawug.org/> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
