Stations

The station table defines which WLAN clients can associate with the WLAN networks of the APs which are centrally managed by the WLC. Furthermore, the method offers a convenient way to give each WLAN client an individual authentication passphrase and a VLAN ID.

To use the station table, it is imperative that the RADIUS server is activated in the WLC under WLAN Controller > Stations > Stations. As an alternative, requests can be forwarded to another RADIUS server. More information on RADIUS is available under RADIUS.

For every logical WLAN in which WLAN clients are authenticated by RADIUS, the MAC check has to be activated.

MAC address

MAC address of the WLAN client for this entry. The following entries are possible:

Individual MAC address: A MAC address in the format 00a057112233, 00-a0-57-11-22-33 or 00:a0:57:11:22:33.
Wildcards: The wildcards '*' and '?' uses to specify MAC address ranges, e.g. 00a057*, 00-a0-57-11-??-?? or 00:a0:??:11:*.
Vendor ID: The device contains a list of the major manufacturer OUIs (organizationally unique identifier). The MAC address range is valid if this entry matches the first three bytes of the MAC address of the WLAN client.
Anmerkung: It is possible to use wildcards.

SSID

WLAN clients with the corresponding MAC addresses have access that is limited to this SSID.

Anmerkung: The use of wildcards makes it possible to allow access to multiple SSIDs.

Name

You can enter any name you wish and a comment for any WLAN client. This enables you to assign MAC addresses more easily to specific stations or users.

Passphrase

Here you may enter a separate passphrase for each physical address (MAC address) that is used in a 802.11i/WPA/AES-PSK-secured network. If no separate passphrase is specified for this MAC address, then the passphrases used are those stored for each logical wireless LAN network in the 802.11i/WEP section (for WLCs, these are defined in the logical WLAN networks (SSIDs)).

TX bandwidth limit

Transmission-bandwidth restriction for WLAN clients currently authenticating themselves. A WLAN device in client mode communicates its setting to the AP when logging on. This then uses uses these two values to set the minimum bandwidth.

RX bandwidth limit

Reception-bandwidth restriction for WLAN clients currently authenticating themselves. A WLAN device in client mode communicates its setting to the AP when logging on. This then uses uses these two values to set the minimum bandwidth.

Anmerkung: The RX bandwidth restriction is only active for WLAN devices in client mode. For value is not used by normal WLAN clients.

VLAN-ID

This VLAN ID is assigned to packets that are received from the client with the MAC address entered here. In case of VLAN-ID '0', the station is not assigned a specific VLAN ID. Instead, the VLAN ID of the radio cell (SSID) applies.

If filter rules contradict, the individual rule has a higher priority: A rule without wildcards in the MAC address or SSID takes precedence over a rule with wildcards. When creating these entries, the user should ensure that filter rules do not contradict. The definitions in the filters can be checked in a Telnet session with the trace command trace WLAN-ACL.

Wichtig: The filter criteria in the station list either allow or deny WLAN clients to access your wireless network. The entries Name, Bandwidth limit, VLAN ID and Passphrase are meaningless if the device uses valid filter criteria to deny access to the WLAN.