Thanks for the extra clarification. I incorrectly presumed you used "mac" in reference to macOS devices rather than security by mac address.
First point for mac address based filtering/allow-listing: as a mechanism that can be easily bypassed, the adminsitrative effort typically outweighs the benefit of implementing such a solution. Recommended approaches would instead be to strengthen the authentication to utilize something like non-exportable certificates on the devices in combination with device profiling in order to trigger notification if/when a credential is compromised and used on a device other than what it was expected to associated with. This would typically require an additional service such as ClearPass and/or a 3rd party MDM (Mobile Device Manager) for handling the approved device configuration.
For the functionality you've inquired about, the feature to be added to your SSID(s) is "mac authentication". The mac auth can be performed against the controller's built-in user database in order to not require any additional hardware. The approved mac-addresses would be added to the user database, with the approved mac-address being both the username and the password for the device. The approved devices should be mapped to the appropriate user role that approved devices should have. The default role for the SSID/wlan may be changed to something more restrictive, so that any user that is not successfully authenticated via mac-auth is left with minimal access to the SSID.
To provide more detailed assistance on the configuration beyond the high level flow above, please provide the AOS firmware version currently running on the 7205 as well as any specific questions you have after reading the above.
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------
Original Message:
Sent: Feb 22, 2022 12:40 PM
From: İbrahim Kutlu
Subject: white list
Actually, I work at the hospital. There is a domain in my production. There are dhcp servers in it. There are 70 AP and one 7205 controls. Especially after rooting the mobile phones, it is not possible to block macs via dhcp server. I want macs defined via controlur to be included in the network. Undefined macs cannot connect to wifi .
------------------------------
İbrahim Kutlu
Original Message:
Sent: Feb 22, 2022 10:46 AM
From: Charlie Clemmer
Subject: white list
Ibrahim, we would need more info to be able to assist.
How is the SSID that the Macs should be connecting to configured, ie what security mechanism/protocol? Since you mentioned allow listing, is this a PSK secured network, or simply performing mac-authentication?
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
Original Message:
Sent: Feb 21, 2022 08:02 AM
From: İbrahim Kutlu
Subject: white list
hello, I have 70 APs and 1 controller. I don't know much about how to whitelist to manage macs on the network. I would appreciate if you could help.
------------------------------
İbrahim Kutlu
------------------------------