Security

Reply
Occasional Contributor II

Blacklist Per SSID

Blacklisting per SSID possible? We have three different SSID's and the problem is that students keep accessing our teacher network on personal devices. I have a Guest Network that use LDAP with a Captive Portal for BYOD, I was wondering If I could block a device on the teacher network so the student would be forced to use the Guest Network. Currently I blacklist devices (only phones) until the student seeks help on why they can't connect at all. I don't mind managing this process by hand if I need to enter MAC's into a list that's not allowed to connect to the Teacher Network.

 

Teacher Network = Radius

Guest Network = Captive Portal

Third SSID = HIdden + Passphrase

 

Controller 7210

6.4.1.0

 

 

Thanks

Guru Elite

Re: Blacklist Per SSID

You would either have to use logic on your RADIUS server or use something like UDRs to put users into a deny role.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Blacklist Per SSID

Thanks Tim,

 

I'm looking into  UDR's, I found some metrial on the setup and i'm going to give it a shot.

 

Joe

Occasional Contributor II

Re: Blacklist Per SSID

I can't seem to change the user's role to denyall with UDR.

 

Authentication > Servers > Server Group > server_group_name

Click New under Server Rules and fill in the blanks:

Condition = macaddr

Operation = equals

operand = aa:bb:cc:dd:ee:ff

Action = set role

Value = denyall

 

This is not working to block access to my teacher network.

Guru Elite

Re: Blacklist Per SSID

Did you select the UDR in the AAA profile for that SSID?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Blacklist Per SSID

Thanks Tim, you pointed me in the right direction and now it's working great.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: