blocking mac range for BYOD

New Member

blocking mac range for BYOD


We are using a 850 AC controller with IMC, to have a byod platform.

since our network is fairly spread out, ive unfortunately gotten myself some.. unwanted users, and they seem to be using a virtual machine or something in that order to access a specific accesspoint.

Is there a way to block a certain range of MAC addresses in the UAM/ IMC? f.x 02:00:00:00:00:00-02:FF:FF:FF:FF:FF

ive tried to look at the available information in the UI about the client, and it seems to be a windows 10 machine.

The MAC changes regularly as the user tries to evade my blocks, so i assume he is either running in a vm, or has the ability to alter/spoof the mac of his equipment.

Esteemed Contributor

Re: blocking mac range for BYOD

At first I looked at creating an Access scenario using the endpoint groups, but unlike IPs you can't specify a range of MACs, only individual ones. You could import a list, but all macs in a range is too many

However you might look at the mute terminal user Configuration profile under Access user - you can configure a range of MAC's there to automatically register and assign to a service - where it can then deny any access or dump them on a dead end vlan or something. It does have a deny filter option, so that might also be even simpler.

Depends on how the BYOD setup you've deployed might work with the mute terminal registration.