Aruba Instant & Cloud Wi-Fi

Reply
Occasional Contributor II
Posts: 23
Registered: ‎11-03-2015

Blacklisting/Whitelisting in Bulk

Hello,

 

I have just over 20 IAP 225s' that are on 9 different vlans, hence 9 different virtual controllers. We are going to rectify this during the summer, but for now here is my question.

 

Is there a way to blacklisting or whitelist clients either via mac address, device type or OS?

 

I have a list of iPad mac addresses that should be the only devices connecting to a particular SSID, and I can generate a list of unauthroized devices via putty that I could use for an import if this was possible.

 Any ideas?

 Version:6.4.2.6-4.1.1.7_50209

 

Guru Elite
Posts: 7,991
Registered: ‎09-08-2010

Re: Blacklisting/Whitelisting in Bulk

This is really a function of network authentication. Do you have ClearPass?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 23
Registered: ‎11-03-2015

Re: Blacklisting/Whitelisting in Bulk

I do not have clearpass.

Guru Elite
Posts: 7,991
Registered: ‎09-08-2010

Re: Blacklisting/Whitelisting in Bulk

What RADIUS solution are you using?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: Blacklisting/Whitelisting in Bulk

Do you have AIrwave?  

 

In addition, you can play around with role-based access in the SSID security settings.  There are conditions you can put in there like Mac Address BEGINS WITH or DHCP fingerprint CONTAINS, etc... that should help.  If those filters hit, then you could assign a denyall role.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Occasional Contributor II
Posts: 23
Registered: ‎11-03-2015

Re: Blacklisting/Whitelisting in Bulk

We were using a radius server which ran from our Domain controller, this server crashed, and we are now simply using WPA2 Personal authentication.

 

 

Occasional Contributor II
Posts: 23
Registered: ‎11-03-2015

Re: Blacklisting/Whitelisting in Bulk

no Airwave. ANd I do not see a way to filter by MAC address starts with, as this would help.

Occasional Contributor II
Posts: 23
Registered: ‎11-03-2015

Re: Blacklisting/Whitelisting in Bulk

I have 3 SSIDs right now. I only need to blacklist items on one SSID. I only want ipads to connect to this SSID. No phones, no andriod devices, etc. 

 

I have a list of MAC addresses of the approved devices, and a mac list of the devices that I want to blacklist. THe blacklist count is much smaller at this time.

Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: Blacklisting/Whitelisting in Bulk

In the access settings for the SSID, there should be a slider where you can toggle to role-based...then you get a box labeled role assignment rules...one of them in this drop down box is mac address.  

 

The below is a screenshot from Airwave but it's nearly identical in the virtual controller...

 

Before you do this, create a role and call it denyall and have a deny statement in there.  If anything matches the role assignment rules, it will be assigned the denyall role and not get any access.

 

Alternatively, you could have the role assignment be for the full access role and the default role for this SSID would be denyall meaning that only devices that match the role assignment rules will be allowed access.

 

Screen Shot 2015-11-06 at 2.01.05 PM.png

 

 

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Occasional Contributor II
Posts: 23
Registered: ‎11-03-2015

Re: Blacklisting/Whitelisting in Bulk

I dont see the option anywhere for MAC address. Also, I added 60+ MAC addresses manually, and the devices are still being listed as clients. I've rebooted all access points, tried disconnecting the devices manually, but they still reconnect.

 

vc.jpg

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: