Security

Reply
New Contributor
Posts: 1
Registered: ‎10-11-2013

restricting mac address on SSID

We are running ArubaOS 6.1.2.6 and we are looking to block certain mac address from connecting to certain SSID's.

 

Or

 

I would like to cerate a "blacklist" of mac addresses to and assign it to a wifi ssid.

 

 

how can I go about doing this with the verson of OS we're running?

Guru Elite
Posts: 21,031
Registered: ‎03-29-2007

Re: restricting mac address on SSID


Ericsante wrote:

We are running ArubaOS 6.1.2.6 and we are looking to block certain mac address from connecting to certain SSID's.

 

Or

 

I would like to cerate a "blacklist" of mac addresses to and assign it to a wifi ssid.

 

 

how can I go about doing this with the verson of OS we're running?


I will just say that any access method that forces you to maintain a list of mac addresses has to be able to scale, otherwise it will be come a chore and then probably discontinued.

 

With that being said you can enforce mac authentication on any SSID by using the instructions here:  https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-1126



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎10-30-2015

Re: restricting mac address on SSID

Hi,

 

Is there a way to do this using the Virtual Controller?

We're using OAW-AP205 (Alcatel-Lucent branded Instant 205 devices) running on 6.4.3.1-4.2.0.0_51112

 

I cannot find the Configuration > Security > Authentication > L2 Authentication page.

 

Probably missing something obvious...

 

Thanks,

Peter

Guru Elite
Posts: 8,464
Registered: ‎09-08-2010

Re: restricting mac address on SSID

Occasional Contributor I
Posts: 6
Registered: ‎10-30-2015

Re: restricting mac address on SSID

Hi,

 

Thank you for your reply, however, this was not the original question.

I don't want to limit which devices may access an SSID, I want to control which devices may NOT!

 

...practically speaking I don't want company laptops to use the guest wifi (simply because different rules and content filtering policies were defined for guests than staff)...

Guru Elite
Posts: 8,464
Registered: ‎09-08-2010

Re: restricting mac address on SSID

This is really a function of an authentication server with policy decisions. Do you have ClearPass?

 

Otherwise you'll have to maintain MAC to role assignments on the controller.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 6
Registered: ‎10-30-2015

Re: restricting mac address on SSID

No, unfortunately we don't have ClearPass for the moment.

Contributor I
Posts: 38
Registered: ‎06-05-2014

Re: restricting mac address on SSID

On Instant you can only block a MAC adress for every SSID. (Security -> Blacklisting)


Sven
ACMP + ACCP
Occasional Contributor I
Posts: 6
Registered: ‎10-30-2015

Re: restricting mac address on SSID

Hi Sven,

 

Thank you for your reply, the key for me in it was every SSID. I want to block certain MACs from acessing just certain SSID(s).

 

Basically force company devices to use staff wifi, but not ban them entirely.

 

For now I can prevent associated hosts accessing WAN or other other zones, but I think it would be more relevant to prevent them accessing the guest WLAN in the first place.

 

Cheers,

Peter

Contributor I
Posts: 38
Registered: ‎06-05-2014

Re: restricting mac address on SSID

This is what I understood in your post.

 

Differentiating is only possible with Clearpass.

 

What's the intention behind this?

Do employees have less problems in your guest wifi? Free bandwidth?


Sven
ACMP + ACCP
Search Airheads
Showing results for 
Search instead for 
Did you mean: