Controllerless Networks

Hi,

 

We got a problem here. one generic user id is being used to connect to wifi. We need to block that particular ID from connecting to wifi. Is there any way we can block a "user id" used to connecting to wifi?

 

Thank you

 

Rgds,

Jay

What are you using for a RADIUS server? Is this an Active Directory account?

Hi Tim,

 

Yes, we have radius server and also its an AD account.

 

We need to block a particular user id from connecting to wifi alone. This id is being used by a group of people for desktops.

 

Thanks,

 

Rgds,

Jay

OK. Are you using Microsoft NPS for your RADIUS server? The easiest way to block them would be to create a new connection rule that blocks access for that user account.

We are using Cisco ACS 5.4 for Radius authentication. Any commands we can execute to block it in IAP level?

 

Hi,

 

Any solution identified / suggestions?

 

In the Instant UI
1. Click the Security link from the top right corner of the Instant main window.
2. Click the Blacklisting tab.
3. Under the Manual Blacklisting, click New .
4. Enter the MAC address of the client to be blacklisted in the MAC address to add text box.
5. Click OK. The Blacklisted Since tab displays the time at which the current blacklisting has started for the client.
6. To delete a client from the manual blacklist, select the MAC Address of the client under the Manual Blacklisting,
and then click Delete.

 

In the CLI
To blacklist a client:

(Instant Access Point)(config)# blacklist-client <MAC-Address>
(Instant Access Point)(config)# end
(Instant Access Point)# commit apply

 

To view the blacklisted clients:

(Instant Access Point)# show blacklist-client

 

Hi Tim,

 

Thank you for sharing the steps for blacklisting the client. 

 

But my question is, is there any possibilities to block a particular user account. 

 

We have one generic user account, people are using this account to access the wifi. Interns, we are clueless to identify the user who is utilising more BW. We would like to block this particular "Generic Account" from connecting to wifi.

 

Is there any possible way in IAP that we can restrict access via a specific user account?

 

Thank you.

 

Try something like this:

 

Hi Marcus,

 

I Am using AD intergrated Radius server. i think i cant disable the Radius authentication in the ACS, it might get things complicated. But am not sure to do that.

 

Thank you.

Jay

Hi Tim,

 

Thank you for sharing the screenshots. Am using IAP 135 firmware  Version 6.4.0.2-4.1.0.0. 

 

I created the Role named "denyall" and assigned the Access rule as mentioned. But i am unable to find the "Role Assignment rule" window to restrict the user name. 

 

Can i add this rule under "Walled Garden"  tab?

 

Please suggest.

 

Thank you.

Jay

If you click the edit button next to the SSID name, it should be on tab 4 under access. You'll need to have role-based access selected.

Hi Tim,

 

Got it.. Thank you. Will create the access and see if its working. Will udpate you as soon as i done the testing.

 

Thank you.

Jay :)