Security

Reply
Occasional Contributor II
Posts: 19
Registered: ‎01-13-2014

Blacklist Per SSID

[ Edited ]

Blacklisting per SSID possible? We have three different SSID's and the problem is that students keep accessing our teacher network on personal devices. I have a Guest Network that use LDAP with a Captive Portal for BYOD, I was wondering If I could block a device on the teacher network so the student would be forced to use the Guest Network. Currently I blacklist devices (only phones) until the student seeks help on why they can't connect at all. I don't mind managing this process by hand if I need to enter MAC's into a list that's not allowed to connect to the Teacher Network.

 

Teacher Network = Radius

Guest Network = Captive Portal

Third SSID = HIdden + Passphrase

 

Controller 7210

6.4.1.0

 

 

Thanks

Guru Elite
Posts: 7,869
Registered: ‎09-08-2010

Re: Blacklist Per SSID

You would either have to use logic on your RADIUS server or use something like UDRs to put users into a deny role.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 19
Registered: ‎01-13-2014

Re: Blacklist Per SSID

Thanks Tim,

 

I'm looking into  UDR's, I found some metrial on the setup and i'm going to give it a shot.

 

Joe

Occasional Contributor II
Posts: 19
Registered: ‎01-13-2014

Re: Blacklist Per SSID

I can't seem to change the user's role to denyall with UDR.

 

Authentication > Servers > Server Group > server_group_name

Click New under Server Rules and fill in the blanks:

Condition = macaddr

Operation = equals

operand = aa:bb:cc:dd:ee:ff

Action = set role

Value = denyall

 

This is not working to block access to my teacher network.

Guru Elite
Posts: 7,869
Registered: ‎09-08-2010

Re: Blacklist Per SSID

Did you select the UDR in the AAA profile for that SSID?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 19
Registered: ‎01-13-2014

Re: Blacklist Per SSID

[ Edited ]

Thanks Tim, you pointed me in the right direction and now it's working great.

Search Airheads
Showing results for 
Search instead for 
Did you mean: