Hi I have a question is it possible to remove or block a mobile device from my network. For instance if I see an iPhone connected to my iPad network I have the 3200XM controller?
(controller) #aaa user delete ?A.B.C.D Match IP addressall Delete all users. Can take upto 5 mins if there are large number of users getting deletedap-ip-addr Match AP IP addressap-name Match AP namemac Match MAC addressname Match user namerole Match role name
There would'nt be a large amount maybe 1 a week if that I'm just looking where on the controller to do that. I did find where I can blacklist the IP and MAC.
Sorry but I dont understand what you are trying to do
Sorry what I want to do is block a studnet from connecting a device other than their iPad to the wireless network. So if I see an iPhone etc on the network I can block it. I hope this helps.
Also I would like to know how to permanitly block a MAC address from connecting to the wireless network.
Do you have ClearPass ?, but if you don't there's other options.
If you want just block one mac address then all you have to do the following to blacklist that client :
(controller) #stm add-blacklist-client <client mac>
If you want to block several iPhones then you have to do the following :
- You can create a user-role that has a deny all and then you can force all the iPhones based on the dhcp option(fingerprint) to be blocked
1- You need enable logging level debugging network subcat dhcp and this will give you the dhcp options for the iPhones
Do a show log network all | include <mac address of the iPhone>
Apr 22 12:00:53 dhcpdwrap: <202536> <DBUG> |dhcpdwrap| |dhcp| Datapath vlan233: REQUEST 12:ac:bc:45:84:89 reqIP=10.10.33.10 Options 37:0103060f77fc
2- Once you have that you can create a derivation rule to put the iPhone on the user-role that denies everything
aaa derivation-rules user "test"set role condition dhcp-option contains "37:0103060f77fc" set-value "deny-role" position "1" description "deny-iphone"
This is exactly what I want to do and I have done it but it only lasts for 60 minutes and then its unblocked is there a way to permanently block it?
Please see the entry here: https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-1420
Perfect Thank you,
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.