Controllerless Networks

last person joined: 21 hours ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

IAP 225 Manually Blacklist Limit of 128?

This thread has been viewed 2 times

  • 1.  IAP 225 Manually Blacklist Limit of 128?

    Posted Nov 18, 2015 01:53 PM

    I am manually blacklisting clients on my IAP 225 and I just received an error that Blacklist cannot support more than 128 clients?  How can I blacklist all the external devices on my wireless AP?


    #AP225


  • 2.  RE: IAP 225 Manually Blacklist Limit of 128?

    EMPLOYEE
    Posted Nov 18, 2015 02:06 PM
    Switch to username and password authentication. Mac authentication is only viable when you are blacklisting a few clients.


  • 3.  RE: IAP 225 Manually Blacklist Limit of 128?

    Posted Nov 18, 2015 02:08 PM

    How would I do that?  And can I only require that for certain devices?  Thanks so much for your help!



  • 4.  RE: IAP 225 Manually Blacklist Limit of 128?

    EMPLOYEE
    Posted Nov 18, 2015 02:24 PM

    Do you have active directory?  If not, what do you use to authenticate users?

     

     



  • 5.  RE: IAP 225 Manually Blacklist Limit of 128?

    Posted Nov 18, 2015 02:25 PM

    Yes, I have active directory.  We are 1:1 with iPads also, so I would want their iPads to automatically connect, but I don't want them to be able to connect with their phones, iPod Touches, etc. at all.  Is that possible?  Thanks!



  • 6.  RE: IAP 225 Manually Blacklist Limit of 128?

    Posted Nov 19, 2015 01:04 PM

    Anybody have any solutions to this? 

     

    Thanks!!



  • 7.  RE: IAP 225 Manually Blacklist Limit of 128?

    EMPLOYEE
    Posted Nov 20, 2015 08:00 AM

    Sarusk,

     

    You are blocking 128 devices.  Why don't you do the reverse and use mac authentication to only allow the devices that you want on the network?  http://community.arubanetworks.com/t5/Controller-less-WLANs/How-do-I-enable-MAC-authentication-in-Aruba-Instant-using/ta-p/181302

     

     



  • 8.  RE: IAP 225 Manually Blacklist Limit of 128?

    Posted Jan 19, 2016 12:59 PM

    Thanks for your response Colin.  I have put this on the back burner and am just getting back to it.  I followed the link to the information you provided, and just have a few questions I hope you can help with.  I am running PC's, Chromebooks, iPads, and MacBooks in my school.  What does it mean by InternalDB?  I'm trying to figure out how they would authenticate, and how it would keep them from authenticating on their phones and other devices that don't belong to the school.  Thanks so much for your help!



  • 9.  RE: IAP 225 Manually Blacklist Limit of 128?

    EMPLOYEE
    Posted Jan 19, 2016 01:50 PM

    You probably need to figure out what is the shorter list:

     

    - The devices that you want to allow on to your network,

    - The devices that you want to keep off of the network

     

    If the devices that you want to allow is fairly short, you can add their mac addresses to the internal database and only those devices will be let on.

    If the devices you want to keep off is fairly short (I'm sure it is not), you can add them to the list of blacklisted devices, so that they can never get on.

     

    If you are already at 128, you need a more scalable solution like ClearPass to manage those devices and possibly Onboard within ClearPass to only allow certain BYOD devices onto your network.  

     

    For now, if you configure one of your Windows Servers as a radius server and authenticate using username and password, that will at least only allow authorized people who have valid credentials onto your wireless network.  You can optionally put individuals who are authorized into a Windows group and allow them to get onto the network, but that will get as tiresome as managing mac addresses.  Ultimately, I suspect you will just let everyone on who has domain credentials, because anything else is too mangement-intensive.