How do you Bar devices from a Wireless Manager WLAN

  • 0
  • 1
  • Question
  • Updated 1 year ago
  • Answered
Hi we broadcast a Guest SSID with a low value passkey, the idea is that most people can use it. However we have some folk who like to abuse this facility. Is there any way to bar users, using the mac address perhaps ?
Photo of Jamiea

Jamiea

  • 110 Points 100 badge 2x thumb

Posted 1 year ago

  • 0
  • 1
Photo of Joshua Puusep

Joshua Puusep

  • 2,274 Points 2k badge 2x thumb
You can add MAC addresses to a blacklist on the controller by going to AP>Global>Client Management>Whitelist/Blacklist, however i'm not sure if there is a way to apply it to a specific SSID.
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 48,884 Points 20k badge 2x thumb
Photo of Jamiea

Jamiea

  • 110 Points 100 badge 2x thumb
Thank you I am using WM5.5. and cannot find the ap>global> etc
Photo of Joshua Puusep

Joshua Puusep

  • 2,274 Points 2k badge 2x thumb
Which controller and firmware are you using?  The setting i was referring to is found directly on the controller webUI, I'm not sure if you can do the same thing via wireless manager.
Photo of Jamiea

Jamiea

  • 110 Points 100 badge 2x thumb
WM3700 3.41
Photo of Joshua Puusep

Joshua Puusep

  • 2,274 Points 2k badge 2x thumb
Apologies but I'm not familiar with that product.  I also can't seem to find the User Manual for it on the product page.  Maybe someone from Extreme can speak to this.
Photo of Robert Zarzycki

Robert Zarzycki, Employee

  • 4,580 Points 4k badge 2x thumb
This is a Summit WM3700 Wireless LAN Controller running WiNG firmware.
(Edited)
Photo of Shay Weir

Shay Weir

  • 1,648 Points 1k badge 2x thumb
try the following...

association-acl-policy CLIENT-BLACKLIST
permit 00-00-00-00-00-00 FF-FF-FF-FF-FF-FF precedence 1000

Add that to the WLAN config via the cli
use association-acl-policy CLIENT-BLACKLIST
Photo of Christoph S.

Christoph S., Employee

  • 3,230 Points 3k badge 2x thumb
In WiNG you could bar unwanted MAC addresses by going to Configuration >> Wireless >> Association ACL >> Add (to create a new ACL) >> Add row/s to create rules >> Save

Once done you must apply the ACL to the WLAN you'd like to use it on by going to Configuration >> Wireless >> Select the WLAN you want to apply it to >> Firewall >> Association ACL >> Select the ACL you created earlier >> OK >> Commit and Save. 
Photo of Jamiea

Jamiea

  • 110 Points 100 badge 2x thumb
Hi Thank you I tried this with 30 odd addresses but it killed the WiFi I had  00-00-00-00-00-00 FF-FF-FF-FF-FF-FF precedence 1000  Allow and the others were precenence 1-33
Photo of Shay Weir

Shay Weir

  • 1,648 Points 1k badge 2x thumb
When you say it killed the wifi, please explain what happens .....
Photo of Shay Weir

Shay Weir

  • 1,648 Points 1k badge 2x thumb
what does your association ACL look like? can you paste a copy for review?
does your association acl look something like this...

association-acl-policy CLIENT-BLACKLIST
deny 78-0C-B8-F6-D3-9E 78-0C-B8-F6-D3-9E precedence 1
deny 1C-1D-86-70-0D-7E 1C-1D-86-70-0D-7E precedence 2
deny 28-C6-8E-10-79-12 28-C6-8E-10-79-12 precedence 3
permit 00-00-00-00-00-00 FF-FF-FF-FF-FF-FF precedence 1000
!
Photo of Christoph S.

Christoph S., Employee

  • 3,230 Points 3k badge 2x thumb
For the "Allow All" rule please try using the following Starting and Ending MAC addresses: 00-00-00-00-01:FF-FF-FF-FF-FE
Photo of Jamiea

Jamiea

  • 110 Points 100 badge 2x thumb