Cisco Systems, Inc.
Client pre-association denial based on service policy

Abstract:

Techniques for selective association and denial of association are provided. Association requests from a first device and a second device are received at an access point. A first media access control (MAC) address of the first device is determined, and a second MAC address of the second device is determined. A first role of the first device and a second role of the second device are each identified, based on a predefined mapping between MAC addresses and roles. Upon determining that the first device is associated with the first role, a unicast response is returned to the first device, where the unicast response includes an association disallowed frame. Additionally, upon determining that the second device is associated with the second role, a unicast response is returned to the second device, where the unicast response allows the second device to associate with the access point.