Security

Blacklisting per SSID possible? We have three different SSID's and the problem is that students keep accessing our teacher network on personal devices. I have a Guest Network that use LDAP with a Captive Portal for BYOD, I was wondering If I could block a device on the teacher network so the student would be forced to use the Guest Network. Currently I blacklist devices (only phones) until the student seeks help on why they can't connect at all. I don't mind managing this process by hand if I need to enter MAC's into a list that's not allowed to connect to the Teacher Network.

 

Teacher Network = Radius

Guest Network = Captive Portal

Third SSID = HIdden + Passphrase

 

Controller 7210

6.4.1.0

 

 

Thanks

#7210

You would either have to use logic on your RADIUS server or use something like UDRs to put users into a deny role.

Thanks Tim,

 

I'm looking into  UDR's, I found some metrial on the setup and i'm going to give it a shot.

 

Joe

I can't seem to change the user's role to denyall with UDR.

 

Authentication > Servers > Server Group > server_group_name

Click New under Server Rules and fill in the blanks:

Condition = macaddr

Operation = equals

operand = aa:bb:cc:dd:ee:ff

Action = set role

Value = denyall

 

This is not working to block access to my teacher network.

Did you select the UDR in the AAA profile for that SSID?

Thanks Tim, you pointed me in the right direction and now it's working great.