Wireless Access

Reply
Occasional Contributor I
Posts: 6
Registered: ‎03-26-2013

How to create Whitelist

Hi,

 

i have some problem for my controller and my AP,sometime if client want to connect AP  is so difficult to get IP and controller detected blacklist mac address client is IP spoofing. so what can i do for this case.!

can i create white list for client so if client difficult to get IP, controller cannot detected blacklist.

 

 

Thanks you

 

MVP
Posts: 562
Registered: ‎11-28-2011

Re: How to create Whitelist

Is this a ligitimate client? If so...

 

Go to the controller GUI>configuration>advanced services/stateful firewall> and disable "prohibit ip spoofing".

 

You might also need to turn of "enforce dhcp" in the VAP or AAA (depending on code level) profile.

 

Does the problem go away? It sounds like the client is transmitting IP packets in a sub-optimum manner.

 

What version of software is the controller running, and is this an Android device?

 

If memory serves, some older versions of code did have a challenge with Android devices especially (and some others) that transmitted IP frames immediately (sometimes relevate to completely different previously connected networks) without transmitting DHCP first.

Kudos appreciated, but I'm not hunting! (ACMX 104)
Occasional Contributor I
Posts: 6
Registered: ‎03-26-2013

Re: How to create Whitelist

yes its legitimate user,

 

my firmware controller version 6.1.3 and user device use android and some time using notebook win 7 is same.

now , i used 2 vlan (vlan A and B with different server) in one SSID. and i think user often to VLAN A, can i load balance with 2 vlan maybe! or whos vlan respone time is fast so user used this vlan.

 

Thanks you

MVP
Posts: 562
Registered: ‎11-28-2011

Re: How to create Whitelist

So, my suggestions resolved your first issue yes?

 

I'm not 100% clear on what you're asking in the next point.

 

However, if you're asking can you use two VLANs with one SSID, then yes. You simply add both VLAN numbers to the VAP profile. And then there further ways to configure it, depending on what you're trying to achieve.

 

I'm not sure of the significance of the 2 servers you mentioned. What servers? Doing what? Are these relevant to your configurations?

 

If you have 2 VLANs in a VAP, the clients are put into either one based on a hash of their mac address (so you should think of this as random). This is partially load-balanced, but it's not 100% predictable. There are other ways to do things, but you need to clearly layout your objectives, constraints and solution scale to work out what's best.

 

In terms of "vlan response time", how would you envisage measuring this?

 

Kudos appreciated, but I'm not hunting! (ACMX 104)
Search Airheads
Showing results for 
Search instead for 
Did you mean: