Wireless Access

Reply
Contributor II
Posts: 53
Registered: ‎11-20-2012

Removing a user

[ Edited ]

Hi I have a question is it possible to remove or block a mobile device from my network. For instance if I see an iPhone connected to my iPad network I have the 3200XM controller?

MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: Removing a user

 

(controller) #aaa user delete ?
A.B.C.D Match IP address
all                    Delete all users. Can take upto 5 mins if there are
                        large number of users getting deleted
ap-ip-addr     Match AP IP address
ap-name       Match AP name
mac                Match MAC address
name             Match user name
role                 Match role name

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor II
Posts: 53
Registered: ‎11-20-2012

Re: Removing a user

There would'nt be a large amount maybe 1 a week if that I'm just looking where on the controller to do that. I did find where I can blacklist the IP and MAC.

MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: Removing a user

 

Sorry but I dont understand what you are trying to do

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor II
Posts: 53
Registered: ‎11-20-2012

Re: Removing a user

[ Edited ]

Sorry what I want to do is block a studnet from connecting a device other than their iPad to the wireless network. So if I see an iPhone etc on the network I can block it. I hope this helps.

 

Also I would like to know how to permanitly block a MAC address from connecting to the wireless network.

MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: Removing a user

 

Do you have ClearPass ?, but if you don't there's other options.

 

If you want just block one mac address then all you have to do the following to blacklist that client :

 

(controller) #stm add-blacklist-client <client mac>

 

If you want to block several iPhones then you have to do the following :

 

- You can create a user-role that has a deny all and then you can force all the iPhones based on the dhcp option(fingerprint) to be blocked

 

1- You need enable logging level debugging network subcat dhcp and this will give you the dhcp options for the iPhones

 

Do a show log network all | include <mac address of the iPhone>

Apr 22 12:00:53  dhcpdwrap[3457]: <202536> <DBUG> |dhcpdwrap| |dhcp| Datapath vlan233: REQUEST 12:ac:bc:45:84:89 reqIP=10.10.33.10 Options 37:0103060f77fc

 

2- Once you have that you can create a derivation rule to put the iPhone on the user-role that denies everything

aaa derivation-rules user "test"
set role condition dhcp-option contains "37:0103060f77fc" set-value "deny-role" position "1" description "deny-iphone"

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor II
Posts: 53
Registered: ‎11-20-2012

Re: Removing a user

If you want just block one mac address then all you have to do the following to blacklist that client :

 

(controller) #stm add-blacklist-client <client mac>

 

This is exactly what I want to do and I have done it but it only lasts for 60 minutes and then its unblocked is there a way to permanently block it?

Thank you,

Guru Elite
Posts: 21,493
Registered: ‎03-29-2007

Re: Removing a user

Please see the entry here:  https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-1420

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 53
Registered: ‎11-20-2012

Re: Removing a user

Perfect Thank you,

Search Airheads
Showing results for 
Search instead for 
Did you mean: