Security

Reply
New Contributor

restricting mac address on SSID

We are running ArubaOS 6.1.2.6 and we are looking to block certain mac address from connecting to certain SSID's.

 

Or

 

I would like to cerate a "blacklist" of mac addresses to and assign it to a wifi ssid.

 

 

how can I go about doing this with the verson of OS we're running?

Guru Elite

Re: restricting mac address on SSID


Ericsante wrote:

We are running ArubaOS 6.1.2.6 and we are looking to block certain mac address from connecting to certain SSID's.

 

Or

 

I would like to cerate a "blacklist" of mac addresses to and assign it to a wifi ssid.

 

 

how can I go about doing this with the verson of OS we're running?


I will just say that any access method that forces you to maintain a list of mac addresses has to be able to scale, otherwise it will be come a chore and then probably discontinued.

 

With that being said you can enforce mac authentication on any SSID by using the instructions here:  https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-1126



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: restricting mac address on SSID

Hi,

 

Is there a way to do this using the Virtual Controller?

We're using OAW-AP205 (Alcatel-Lucent branded Instant 205 devices) running on 6.4.3.1-4.2.0.0_51112

 

I cannot find the Configuration > Security > Authentication > L2 Authentication page.

 

Probably missing something obvious...

 

Thanks,

Peter

Guru Elite

Re: restricting mac address on SSID

Occasional Contributor I

Re: restricting mac address on SSID

Hi,

 

Thank you for your reply, however, this was not the original question.

I don't want to limit which devices may access an SSID, I want to control which devices may NOT!

 

...practically speaking I don't want company laptops to use the guest wifi (simply because different rules and content filtering policies were defined for guests than staff)...

Guru Elite

Re: restricting mac address on SSID

This is really a function of an authentication server with policy decisions. Do you have ClearPass?

 

Otherwise you'll have to maintain MAC to role assignments on the controller.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: restricting mac address on SSID

No, unfortunately we don't have ClearPass for the moment.

Contributor II

Re: restricting mac address on SSID

On Instant you can only block a MAC adress for every SSID. (Security -> Blacklisting)


Sven

ACMX 754, ACCX 726
Occasional Contributor I

Re: restricting mac address on SSID

Hi Sven,

 

Thank you for your reply, the key for me in it was every SSID. I want to block certain MACs from acessing just certain SSID(s).

 

Basically force company devices to use staff wifi, but not ban them entirely.

 

For now I can prevent associated hosts accessing WAN or other other zones, but I think it would be more relevant to prevent them accessing the guest WLAN in the first place.

 

Cheers,

Peter

Contributor II

Re: restricting mac address on SSID

This is what I understood in your post.

 

Differentiating is only possible with Clearpass.

 

What's the intention behind this?

Do employees have less problems in your guest wifi? Free bandwidth?


Sven

ACMX 754, ACCX 726
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: