Aruba Instant & Cloud Wi-Fi

Reply
Occasional Contributor II
Posts: 12
Registered: ‎02-09-2015

IAP 225 Manually Blacklist Limit of 128?

I am manually blacklisting clients on my IAP 225 and I just received an error that Blacklist cannot support more than 128 clients?  How can I blacklist all the external devices on my wireless AP?

Guru Elite
Posts: 20,426
Registered: ‎03-29-2007

Re: IAP 225 Manually Blacklist Limit of 128?

Switch to username and password authentication. Mac authentication is only viable when you are blacklisting a few clients.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 12
Registered: ‎02-09-2015

Re: IAP 225 Manually Blacklist Limit of 128?

How would I do that?  And can I only require that for certain devices?  Thanks so much for your help!

Guru Elite
Posts: 20,426
Registered: ‎03-29-2007

Re: IAP 225 Manually Blacklist Limit of 128?

Do you have active directory?  If not, what do you use to authenticate users?

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 12
Registered: ‎02-09-2015

Re: IAP 225 Manually Blacklist Limit of 128?

[ Edited ]

Yes, I have active directory.  We are 1:1 with iPads also, so I would want their iPads to automatically connect, but I don't want them to be able to connect with their phones, iPod Touches, etc. at all.  Is that possible?  Thanks!

Occasional Contributor II
Posts: 12
Registered: ‎02-09-2015

Re: IAP 225 Manually Blacklist Limit of 128?

Anybody have any solutions to this? 

 

Thanks!!

Guru Elite
Posts: 20,426
Registered: ‎03-29-2007

Re: IAP 225 Manually Blacklist Limit of 128?

Sarusk,

 

You are blocking 128 devices.  Why don't you do the reverse and use mac authentication to only allow the devices that you want on the network?  http://community.arubanetworks.com/t5/Controller-less-WLANs/How-do-I-enable-MAC-authentication-in-Aruba-Instant-using/ta-p/181302

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 12
Registered: ‎02-09-2015

Re: IAP 225 Manually Blacklist Limit of 128?

Thanks for your response Colin.  I have put this on the back burner and am just getting back to it.  I followed the link to the information you provided, and just have a few questions I hope you can help with.  I am running PC's, Chromebooks, iPads, and MacBooks in my school.  What does it mean by InternalDB?  I'm trying to figure out how they would authenticate, and how it would keep them from authenticating on their phones and other devices that don't belong to the school.  Thanks so much for your help!

Guru Elite
Posts: 20,426
Registered: ‎03-29-2007

Re: IAP 225 Manually Blacklist Limit of 128?

You probably need to figure out what is the shorter list:

 

- The devices that you want to allow on to your network,

- The devices that you want to keep off of the network

 

If the devices that you want to allow is fairly short, you can add their mac addresses to the internal database and only those devices will be let on.

If the devices you want to keep off is fairly short (I'm sure it is not), you can add them to the list of blacklisted devices, so that they can never get on.

 

If you are already at 128, you need a more scalable solution like ClearPass to manage those devices and possibly Onboard within ClearPass to only allow certain BYOD devices onto your network.  

 

For now, if you configure one of your Windows Servers as a radius server and authenticate using username and password, that will at least only allow authorized people who have valid credentials onto your wireless network.  You can optionally put individuals who are authorized into a Windows group and allow them to get onto the network, but that will get as tiresome as managing mac addresses.  Ultimately, I suspect you will just let everyone on who has domain credentials, because anything else is too mangement-intensive.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: