Wireless Access

Reply
New Contributor
Posts: 4
Registered: ‎10-22-2012

Can anyone tell me if I can limit a subset of clients to only associate to a particular SSID?

I am trying to limit a subset of clients to only associate to 1 particular SSID and never associate to any of the other 3 SSIDs.  Has anyone had any experience in achieving this?  These clients are specific Apple IPhones and are only used by certain employees, so it is not an issue of "Guest" access.

Jim Genova
Wake Med Health & Hospitals
Network Engineer; ACMP, CWNA

Guru Elite
Posts: 8,632
Registered: ‎09-08-2010

Re: Can anyone tell me if I can limit a subset of clients to only associate to a particular SSID?

You could put them in a role that denies all layer 3 access if they connect to the other SSIDS, but there is really no way to stop them from associating to the SSID. It's a client decision.

 

You might want to check the latest Profile Manager from Apple and see if a configuration profile can block certain networks. I know Windows can do this via Group Policy or netsh scripts.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Aruba
Posts: 1,377
Registered: ‎12-12-2011

Re: Can anyone tell me if I can limit a subset of clients to only associate to a particular SSID?

If you have Clearpass, AND you can get a list of MAC addresses, you can limit the access using clearpass's logic using the MAC address and SSID names in the services.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
New Contributor
Posts: 4
Registered: ‎10-22-2012

Re: Can anyone tell me if I can limit a subset of clients to only associate to a particular SSID?

Unfortunately, we do not have Clear Pass.

Jim Genova
Wake Med Health & Hospitals
Network Engineer; ACMP, CWNA

New Contributor
Posts: 4
Registered: ‎10-22-2012

Re: Can anyone tell me if I can limit a subset of clients to only associate to a particular SSID?

Creating a separate role for these guys may be the answer.  The Apple phones were configured to only associate to the proper SSID, but apparently someone knows how to override that, and connect to an Internet facing SSID.  Thanks for the suggestion!!

Jim Genova
Wake Med Health & Hospitals
Network Engineer; ACMP, CWNA

MVP
Posts: 777
Registered: ‎03-25-2009

Re: Can anyone tell me if I can limit a subset of clients to only associate to a particular SSID?

You could use dhcp fingerprinting to give them a block-all role when they connect to an unauthorized ssid.

This'll block all devices with that fingerprint though so no way do discern allowed iphones vs disallowed ones for example.

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: