Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Blacklist AP wired port client

  • 1.  Blacklist AP wired port client

    Posted Oct 07, 2020 10:45 AM

    Hi guys,

    If I wanted to blacklist a MAC address from connecting via an AP wired port, how would this be done? Would it be covered by the usual blacklist client option or does that only apply to wireless connections? We don't have auth on the wired ports and there is a device that I need to kick off. This is on AOS 6.5.

    Thanks.



  • 2.  RE: Blacklist AP wired port client

    MVP GURU
    Posted Oct 09, 2020 09:31 PM

    How is the wired port set up as far as auth?



  • 3.  RE: Blacklist AP wired port client

    Posted Oct 10, 2020 05:15 AM

    No auth currently, just tunnelled back to the controller on a specific VLAN for all APs in that AP group. We are planning to implement ClearPass in future, so this will get fixed, but currently it is a bit of a pain. At the moment we have blacklisted the device on our DHCP server, which is enough to kick off your average user.

    I did notice it would be possible to build an AAA profile for the ports and just use MAC auth? Although I'm not sure how this works when just wanting to blacklist a client rather than maintaining a whitelist, as obviously at the moment we have no whitelist, so if we enable any auth that blocks by default it will affect other legitimate devices that might get plugged in.

    Thanks.



  • 4.  RE: Blacklist AP wired port client
    Best Answer

    EMPLOYEE
    Posted Oct 10, 2020 06:08 AM

    Unfortunately, unless you are doing MAC auth for all of your clients on the wired network, and stop that client, it is not possible to stop that device. Blacklisting is only for wireless clients.