04-21-2017 02:17 AM
We have a setup with multiple SSIDs on the same controller.
One of the SSIDs (simple WPA2 authentication) has devices which do not belong there (the WPA2 key has been 'communicated').
Blacklisting a MAC completely blocks access to every SSID. I basically want to prevent those devices from accessing that specific SSID (let's call it my-mgmt for now).
I believe this can be done by using a derivation rule. So by tying an AAA profile containing something like:
aaa profile "my-mgmt-aaa_prof"
aaa derivation-rules user "my-mgmt-rule"
set role condition macaddr does-not-equal 8c:70:5a:10:89:24 set-value "authenticated"
set role condition macaddr does-not-equal 64:20:0c:78:de:86 set-value "authenticated"
So I basically allow every device to authenticate, except those specific MACs.
Does this make sense?
04-21-2017 03:41 AM
It definitely works, but adding, deleting and searching for MAC addresses, or even remembering why they are there, can become a problem at scale...
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
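An added example, not part of the thread and not an Aruba tool: a small audit script for the bookkeeping problem raised in the reply. It parses rule lines in the form shown in the question and reconciles the MACs against an annotated inventory. The inventory, its reasons, the duplicate third rule line and the `02:...` address are constructed for illustration.

```python
import re

# Matches rule lines in the form shown in the question.
RULE_RE = re.compile(
    r'set role condition macaddr (equals|does-not-equal) (\S+) set-value "?([^"\s]+)"?')

def normalize_mac(text):
    """Return a MAC as lower-case colon-separated hex, or raise ValueError."""
    digits = re.sub(r'[:.\-]', '', text).lower()
    if not re.fullmatch(r'[0-9a-f]{12}', digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ':'.join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_rules(config_text):
    """Extract (operator, mac, role) from every derivation-rule line."""
    return [(m.group(1), normalize_mac(m.group(2)), m.group(3))
            for m in RULE_RE.finditer(config_text)]

def audit(config_text, inventory):
    """Reconcile configured MACs with an inventory of {mac: reason}."""
    known = {normalize_mac(mac): reason for mac, reason in inventory.items()}
    configured = [mac for _, mac, _ in parse_rules(config_text)]
    duplicates = sorted({m for m in configured if configured.count(m) > 1})
    return {
        "undocumented": sorted(set(configured) - set(known)),    # in config, no reason on file
        "not_configured": sorted(set(known) - set(configured)),  # on file, missing from config
        "duplicates": duplicates,                                 # listed more than once
        "documented": {m: known[m] for m in configured if m in known},
    }

# First two rule lines are from the question; the third is a constructed duplicate.
SAMPLE_CONFIG = '''
aaa derivation-rules user "my-mgmt-rule"
set role condition macaddr does-not-equal 8c:70:5a:10:89:24 set-value "authenticated"
set role condition macaddr does-not-equal 64:20:0c:78:de:86 set-value "authenticated"
set role condition macaddr does-not-equal 8C:70:5A:10:89:24 set-value "authenticated"
'''

# Constructed inventory; entries use other common MAC notations on purpose.
SAMPLE_INVENTORY = {
    "8C-70-5A-10-89-24": "constructed: unknown phone seen on my-mgmt",
    "0200.0000.0002": "constructed: contractor laptop, key was shared",
}

if __name__ == "__main__":
    for section, value in audit(SAMPLE_CONFIG, SAMPLE_INVENTORY).items():
        print(section, value)
```
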