Aruba Instant & Cloud Wi-Fi

Reply
Occasional Contributor II
Posts: 17
Registered: ‎06-28-2013

How to block a user account from connecting to wireless

Hi,

 

We got a problem here. one generic user id is being used to connect to wifi. We need to block that particular ID from connecting to wifi. Is there any way we can block a "user id" used to connecting to wifi?

 

Thank you

 

Rgds,

Jay

Guru Elite
Posts: 8,048
Registered: ‎09-08-2010

Re: How to block a user account from connecting to wireless

What are you using for a RADIUS server? Is this an Active Directory account?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 17
Registered: ‎06-28-2013

Re: How to block a user account from connecting to wireless

Hi Tim,

 

Yes, we have radius server and also its an AD account.

 

We need to block a particular user id from connecting to wifi alone. This id is being used by a group of people for desktops.

 

Thanks,

 

Rgds,

Jay

Guru Elite
Posts: 8,048
Registered: ‎09-08-2010

Re: How to block a user account from connecting to wireless

OK. Are you using Microsoft NPS for your RADIUS server? The easiest way to block them would be to create a new connection rule that blocks access for that user account.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 17
Registered: ‎06-28-2013

Re: How to block a user account from connecting to wireless

We are using Cisco ACS 5.4 for Radius authentication. Any commands we can execute to block it in IAP level?

 

Occasional Contributor II
Posts: 17
Registered: ‎06-28-2013

Re: How to block a user account from connecting to wireless

Hi,

 

Any solution identified / suggestions?

 

Guru Elite
Posts: 8,048
Registered: ‎09-08-2010

Re: How to block a user account from connecting to wireless

In the Instant UI
1. Click the Security link from the top right corner of the Instant main window.
2. Click the Blacklisting tab.
3. Under the Manual Blacklisting, click New .
4. Enter the MAC address of the client to be blacklisted in the MAC address to add text box.
5. Click OK. The Blacklisted Since tab displays the time at which the current blacklisting has started for the client.
6. To delete a client from the manual blacklist, select the MAC Address of the client under the Manual Blacklisting,
and then click Delete.

 

In the CLI
To blacklist a client:

(Instant Access Point)(config)# blacklist-client <MAC-Address>
(Instant Access Point)(config)# end
(Instant Access Point)# commit apply

 


To view the blacklisted clients:

(Instant Access Point)# show blacklist-client

 


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 17
Registered: ‎06-28-2013

Re: How to block a user account from connecting to wireless

Hi Tim,

 

Thank you for sharing the steps for blacklisting the client. 

 

But my question is, is there any possibilities to block a particular user account. 

 

We have one generic user account, people are using this account to access the wifi. Interns, we are clueless to identify the user who is utilising more BW. We would like to block this particular "Generic Account" from connecting to wifi.

 

Is there any possible way in IAP that we can restrict access via a specific user account?

 

Thank you.

 

Guru Elite
Posts: 8,048
Registered: ‎09-08-2010

Re: How to block a user account from connecting to wireless

Try something like this:

 

instant-denyall-username.JPG


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Moderator
Posts: 681
Registered: ‎04-16-2009

Re: How to block a user account from connecting to wireless

[ Edited ]
 
Search Airheads
Showing results for 
Search instead for 
Did you mean: