Wireless Access

last person joined: an hour ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Removing a user

Jump to Best Answer
  • 1.  Removing a user

    Posted Apr 22, 2013 10:01 AM

    Hi I have a question is it possible to remove or block a mobile device from my network. For instance if I see an iPhone connected to my iPad network I have the 3200XM controller?


    #3200


  • 2.  RE: Removing a user

    Posted Apr 22, 2013 10:06 AM

     

    (controller) #aaa user delete ?
    A.B.C.D Match IP address
    all                    Delete all users. Can take upto 5 mins if there are
                            large number of users getting deleted
    ap-ip-addr     Match AP IP address
    ap-name       Match AP name
    mac                Match MAC address
    name             Match user name
    role                 Match role name



  • 3.  RE: Removing a user

    Posted Apr 22, 2013 10:19 AM

    There would'nt be a large amount maybe 1 a week if that I'm just looking where on the controller to do that. I did find where I can blacklist the IP and MAC.



  • 4.  RE: Removing a user

    Posted Apr 22, 2013 10:22 AM

     

    Sorry but I dont understand what you are trying to do



  • 5.  RE: Removing a user

    Posted Apr 22, 2013 10:36 AM

    Sorry what I want to do is block a studnet from connecting a device other than their iPad to the wireless network. So if I see an iPhone etc on the network I can block it. I hope this helps.

     

    Also I would like to know how to permanitly block a MAC address from connecting to the wireless network.



  • 6.  RE: Removing a user

    Posted Apr 22, 2013 12:16 PM

     

    Do you have ClearPass ?, but if you don't there's other options.

     

    If you want just block one mac address then all you have to do the following to blacklist that client :

     

    (controller) #stm add-blacklist-client <client mac>

     

    If you want to block several iPhones then you have to do the following :

     

    - You can create a user-role that has a deny all and then you can force all the iPhones based on the dhcp option(fingerprint) to be blocked

     

    1- You need enable logging level debugging network subcat dhcp and this will give you the dhcp options for the iPhones

     

    Do a show log network all | include <mac address of the iPhone>

    Apr 22 12:00:53  dhcpdwrap[3457]: <202536> <DBUG> |dhcpdwrap| |dhcp| Datapath vlan233: REQUEST 12:ac:bc:45:84:89 reqIP=10.10.33.10 Options 37:0103060f77fc

     

    2- Once you have that you can create a derivation rule to put the iPhone on the user-role that denies everything

    aaa derivation-rules user "test"
    set role condition dhcp-option contains "37:0103060f77fc" set-value "deny-role" position "1" description "deny-iphone"

     

     



  • 7.  RE: Removing a user

    Posted Apr 22, 2013 01:02 PM

    If you want just block one mac address then all you have to do the following to blacklist that client :

     

    (controller) #stm add-blacklist-client <client mac>

     

    This is exactly what I want to do and I have done it but it only lasts for 60 minutes and then its unblocked is there a way to permanently block it?

    Thank you,



  • 8.  RE: Removing a user
    Best Answer

    Posted Apr 22, 2013 01:06 PM


  • 9.  RE: Removing a user
    Best Answer

    Posted Apr 22, 2013 01:18 PM

    Perfect Thank you,