I know im going to be talking about Extremes competition, but we used to have Rucks wifi where i work. We had a lot of AP’s, as well as an onsite ZoneDirector.
if i found a client/device was doing something i didnt like, under the client/device view, i could click on a “x” next to the device i wanted to block, and it would block it. It would stay blocked from wifi until i deleted the device.
Why doesnt Extreme have a way to do that? really.
My understanding is that I have to create an Access List, add the client in there (by MAC address obviously), and then push that out to EVERY AP we have… right?
So, any plans on making this process a hell of a lot easier. Like what Ruckus does?
Best answer by Ovais Qayyum
One of the reasons why it is done the way it is in ExtremeCloud IQ is due to the difference in the WiFi solution architecture. ExtremeCloud IQ is based on distributed architecture where APs will enforce the network functions like FW rules, ACLs, Bandwidth throttle, Application Visibility and Control etc. at the edge of the network. Hence, you need to push the ACLs down to the APs where all the unwanted traffic is dropped.
As far as I know (unless Zone Directors have dramatically changed) this is done differently in Ruckus only because its based on centralized architecture and the Zone Director enforces the policies, the traffic needs to be inspected by the controller for it to be able to either allow/deny, apply bandwidth and application policies etc. Therefore, you only need to block a client on the controller and not create an ACL and push it to the APs.
It may be easier but dropping unwanted traffic at the edge of the network i.e. on the AP is a lot more secure and efficient instead of letting it traverse the network to reach the controller and then drop it.