White Listing Xbox

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered
  • (Edited)
Students on the campus are asking if Xbox can be made to work on wireless. I've done a bit of research and spoken to someone at Microsoft and the problem seems to be that when an Xbox connects it wants to talk to Xbox Live before it will open Internet Explorer. However we want the user to sign in with Internet Explorer before we give them internet access... a bit of a chicken and egg situation.

The work-around suggested is to whitelist the MAC address of the Xbox and register whose device it is. I've searched in help and cant see where I would do this (I can only see mention of blacklisting).

Does Extreme support whitelisting, if so where is it? Or has anyone setup their wireless to support Xbox?

Its not a high priority for us, but I'm open to the idea because gaming uses much less bandwidth than streaming video and it may help take some of the strain off the APs in peak evening periods.
Photo of Colin Steadman

Colin Steadman

  • 524 Points 500 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 48,846 Points 20k badge 2x thumb
Hi Colin,

technically it's possible to whitelist clients BUT it's a global command which would mean that you'd need to add ALL clients that are allowed on the WLAN to the whitelist..... you don't want to do that :-)

https://gtacknowledge.extremenetworks.com/articles/Q_A/Can-I-use-Whitelist-function-of-IdentiFi-cont...

Also the list max. client count is 768 which isn't a lot in a big installation...
https://gtacknowledge.extremenetworks.com/articles/Q_A/How-many-blacklist-whitelist-mac-addresses-ar...

Solution: use NAC
NAC could fingerprint the XBOX and put it in a role with only limited access till the client authenticates on the guest page.

-Ron
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 48,846 Points 20k badge 2x thumb
mmmmhh, I've thought about it.... so the SSID is PSK and then a guest portal solution to get full access?!

If you permit the XBox Live IP in the non-authenticated role it should work.

-Ron
Photo of Colin Steadman

Colin Steadman

  • 524 Points 500 badge 2x thumb
Thanks Ronald, I'll have a play with this idea. Colin.
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 48,846 Points 20k badge 2x thumb
I've tried it and wasn't able to find all the IPs for the service.

The magic of Netsight Purview show that the XBOX One is accessi a lot of services/servers during the logon sequence.

So NAC all the way - I'd sell you one and also install it :-)



-Ron
Photo of Verus

Verus

  • 300 Points 250 badge 2x thumb
We have the same problem with RADAR (firmware 09.21.02.0014).
Some clients (wifi phones) get disconnected.
This is the explanation: https://gtacknowledge.extremenetworks.com/articles/Solution/With-9-21-firmware-and-Radar-enabled-cli...

It is ridiculous that we need to "fix" the clients as the problem is with RADAR.
It should be a default functionality that you can WHITELIST SINGLE clients.
According to this explanation that's not possible:
https://gtacknowledge.extremenetworks.com/articles/Q_A/Can-I-use-Whitelist-function-of-IdentiFi-cont...

Or we have to install NAC ? ==> extra $$ ?? No way, whitelisting a single client should be a default functionality.
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 48,846 Points 20k badge 2x thumb
I don't think that a whitelist would help you in that case.

I'd assume that if RADAR detect the client as the source of a DDOS attack that the client would be moved from whitelist to blacklist to deny the attack.
Photo of Verus

Verus

  • 300 Points 250 badge 2x thumb
If a whitelist would exist for adding single clients, then the purpose is that RADAR ignores those clients if it detects something like a (false) attack.
Now I had to disable a radar prevention setting.
We had problems with wifi phones and laptops, older and new equipment.
This way of working is not stable for our users and one of our directors had this problem with his new laptop, all drivers up to date.
If the people who decide where to invest money have a problem with some kind of technology, you can be sure that they won't invest in that piece of technology in the future.
(Edited)
Photo of Drew C.

Drew C., Community Manager

  • 39,374 Points 20k badge 2x thumb
Hi Verus, Have you opened a case with GTAC to help ensure there's not something else that can be done?
Photo of Verus

Verus

  • 300 Points 250 badge 2x thumb
There was a case and we have the possibility to disable the blacklist action but that's a solution for the result that we can't whitelist ONE client so I don't think that's a good solution because the blacklist action is a RADAR feature we would like to use.
I would prefer the possibility to whitelist one single client.
Whitelisting single clients is a (pretty default) setting that exists for a long time in a lot of software but not in this and that is a shortage.


Answer from extreme networks: ...Since we are not sure the frequency of the probes, the simplest config change is to disable this blacklist action. You can do this through controller cli and this setting will be preserved through reboots and upgrades. Before making the cli change, can you confirm the client is placed in the blacklist on detection of excessive probes...

Photo of Drew C.

Drew C., Community Manager

  • 39,374 Points 20k badge 2x thumb
Do you know if a feature request was created for this?
Photo of Verus

Verus

  • 300 Points 250 badge 2x thumb
No, I don't think so.
Maybe they read this also ??
Photo of Drew C.

Drew C., Community Manager

  • 39,374 Points 20k badge 2x thumb
You'd need to open a case to make a feature request.
How to contact Extreme Networks Global Technical Assistance Center (GTAC)