Wireless Access

  • 1.  Restricting MAC Addresses on Hospitality APs

    Posted Feb 07, 2025 11:05 AM

    I'm looking for some guidance on managing MAC addresses on our hospitality access points (APs). Specifically, I need to:

    1. Block a MAC Address on an AP Port: We want to block a rogue AP's MAC address if detected on our network. On our wired ports, we achieve this by adding a drop rule to the MAC address table on the switch. Is there a similar method to block a MAC address on the AP or controller, either for all ports on a single AP or across all APs in a group?
    2. Limit Connections to One MAC per Port: We want to prevent switches from being connected to our AP ports by restricting each port to a single MAC address. We use port security to accomplish this on our wired ports. Is there a way to implement this on a hospitality AP?

    Any advice or solutions would be greatly appreciated!



  • 2.  RE: Restricting MAC Addresses on Hospitality APs

    Posted Feb 07, 2025 11:21 AM

    Implement 802.1X or MAC auth for the wired profiles to restrict what can connect.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 3.  RE: Restricting MAC Addresses on Hospitality APs

    Posted Feb 07, 2025 12:36 PM

    So, if I enable MAC auth, would I be able to allow access to all new MACs and then block a MAC later on if needed?  




  • 4.  RE: Restricting MAC Addresses on Hospitality APs

    Posted Feb 07, 2025 12:41 PM

    Assuming the RADIUS server used supports such, yes.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 5.  RE: Restricting MAC Addresses on Hospitality APs

    Posted Feb 07, 2025 12:55 PM

    We are using ClearPass so it should support it.  Thank you!

    Is it possible to limit the number of MACs on a port?  I found documentation for enabling this on an Aruba switch but not for an AP.




  • 6.  RE: Restricting MAC Addresses on Hospitality APs

    Posted Feb 07, 2025 10:33 PM

    An AP wired port is handled differently than switch ports, more like a wireless network. I would recommend experimenting with the setup to see the actual behavior and then determining if any other actions are required.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 7.  RE: Restricting MAC Addresses on Hospitality APs

    Posted Feb 08, 2025 03:19 AM

    You cannot limit the number of clients analogous to the switch port. However, you can determine the number of sessions via ClearPass.

    Activate Insight under Server Configuration.

    You can then query the Active Sessions property in Role Mapping under Authorization:[Insight Repository] and set a corresponding TIPS role. This role can be evaluated under Enforcement.



    ------------------------------
    Regards,

    Waldemar
    ACCX # 1377, ACEP, ACX - Network Security
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------