Security

Reply
Frequent Contributor I
Posts: 270
Registered: ‎09-24-2010

Can I "blacklist" all mobile devices from connecting to company wifi?

I have Clearpass as well as mobility controllers with 350 AP's.  Is there a easy way to disable devices from connecting to the wifi?  we have AD policies requiring users to change their password every 90 days.. they forget to change their wifi password on their smart device (BB, Android, iPhone) and their account gets locked out and someone from the service desk needs to unlock.  Clearpass gave us the ability to find the source of the lockout but still cumbersome.  Can I revoke this globally?

Guru Elite
Posts: 8,332
Registered: ‎09-08-2010

Re: Can I "blacklist" all mobile devices from connecting to company wifi?

Not really. The device has to connect once in order for it to be profiled and then you can put the user into a deny all all role but at that point, authentication has already happened.

Why not onboard the devices to alleviate the password issues?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Aruba
Posts: 1,540
Registered: ‎06-12-2012

Re: Can I "blacklist" all mobile devices from connecting to company wifi?

Also if you are running aruba controllers you can enable the blacklist for failed auths

 

For example: you can blacklist anyone that failed authentication 4 times so if your AD has a 5 failed auth limit they will not lock up the AD account.

 

Screen Shot 2014-09-09 at 10.50.54 PM.png

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Frequent Contributor I
Posts: 270
Registered: ‎09-24-2010

Re: Can I "blacklist" all mobile devices from connecting to company wifi?

The problem with onboarding is that they are already company provisioned devices (MDM = Airwatch)..also Blackberry is not supported and I would have to create a separate SSID for mobile devices because we have company laptops connecting already.  I dont want cert based auth for laptops.

Frequent Contributor I
Posts: 270
Registered: ‎09-24-2010

Re: Can I "blacklist" all mobile devices from connecting to company wifi?

yes, I have aruba controllers... once the client fails auth 4 times.. it will not allow them to connect?  does it blacklist it for good?  because once they fix their password issue, I want them to connect again.

Aruba
Posts: 1,540
Registered: ‎06-12-2012

Re: Can I "blacklist" all mobile devices from connecting to company wifi?

I believe it is by default 1 hour. One of the controller guys will need to confirm.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Frequent Contributor I
Posts: 270
Registered: ‎09-24-2010

Re: Can I "blacklist" all mobile devices from connecting to company wifi?

I enabled this, however, lockout clients are are still attempting to connect.  is there something else that needs to be enabled?

 

Capture.JPG

Guru Elite
Posts: 8,332
Registered: ‎09-08-2010

Re: Can I "blacklist" all mobile devices from connecting to company wifi?

Do you have station blacklisting enabled in your virtual-ap?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 270
Registered: ‎09-24-2010

Re: Can I "blacklist" all mobile devices from connecting to company wifi?

yes

Frequent Contributor I
Posts: 270
Registered: ‎09-24-2010

Re: Can I "blacklist" all mobile devices from connecting to company wifi?

does anything need to be enabled here?Capture.JPG

Search Airheads
Showing results for 
Search instead for 
Did you mean: