Wireless Access

last person joined: 21 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Can anyone tell me if I can limit a subset of clients to only associate to a particular SSID?

This thread has been viewed 0 times

  • 1.  Can anyone tell me if I can limit a subset of clients to only associate to a particular SSID?

    Posted Jan 02, 2014 01:41 PM

    I am trying to limit a subset of clients to only associate to 1 particular SSID and never associate to any of the other 3 SSIDs.  Has anyone had any experience in achieving this?  These clients are specific Apple IPhones and are only used by certain employees, so it is not an issue of "Guest" access.



  • 2.  RE: Can anyone tell me if I can limit a subset of clients to only associate to a particular SSID?
    Best Answer

    EMPLOYEE
    Posted Jan 02, 2014 01:43 PM

    You could put them in a role that denies all layer 3 access if they connect to the other SSIDS, but there is really no way to stop them from associating to the SSID. It's a client decision.

     

    You might want to check the latest Profile Manager from Apple and see if a configuration profile can block certain networks. I know Windows can do this via Group Policy or netsh scripts.



  • 3.  RE: Can anyone tell me if I can limit a subset of clients to only associate to a particular SSID?

    EMPLOYEE
    Posted Jan 02, 2014 01:49 PM

    If you have Clearpass, AND you can get a list of MAC addresses, you can limit the access using clearpass's logic using the MAC address and SSID names in the services.



  • 4.  RE: Can anyone tell me if I can limit a subset of clients to only associate to a particular SSID?

    Posted Jan 02, 2014 01:52 PM

    Unfortunately, we do not have Clear Pass.



  • 5.  RE: Can anyone tell me if I can limit a subset of clients to only associate to a particular SSID?

    Posted Jan 02, 2014 01:56 PM

    Creating a separate role for these guys may be the answer.  The Apple phones were configured to only associate to the proper SSID, but apparently someone knows how to override that, and connect to an Internet facing SSID.  Thanks for the suggestion!!



  • 6.  RE: Can anyone tell me if I can limit a subset of clients to only associate to a particular SSID?

    MVP
    Posted Jan 03, 2014 05:43 AM

    You could use dhcp fingerprinting to give them a block-all role when they connect to an unauthorized ssid.

    This'll block all devices with that fingerprint though so no way do discern allowed iphones vs disallowed ones for example.