How do you Bar devices from a Wireless Manager WLAN


Hi we broadcast a Guest SSID with a low value passkey, the idea is that most people can use it. However we have some folk who like to abuse this facility. Is there any way to bar users, using the mac address perhaps ?

14 replies

Userlevel 4
You can add MAC addresses to a blacklist on the controller by going to AP>Global>Client Management>Whitelist/Blacklist, however i'm not sure if there is a way to apply it to a specific SSID.
Userlevel 7
It's a global list with up to 768 MACs.

https://gtacknowledge.extremenetworks.com/articles/Q_A/How-many-blacklist-whitelist-mac-addresses-ar...
Thank you I am using WM5.5. and cannot find the ap>global> etc
Userlevel 4
Which controller and firmware are you using? The setting i was referring to is found directly on the controller webUI, I'm not sure if you can do the same thing via wireless manager.
WM3700 3.41
Userlevel 4
Jamiea wrote:

WM3700 3.41

Apologies but I'm not familiar with that product. I also can't seem to find the User Manual for it on the product page. Maybe someone from Extreme can speak to this.
Userlevel 6
Jamiea wrote:

WM3700 3.41

This is a Summit WM3700 Wireless LAN Controller running WiNG firmware.
Userlevel 4
try the following... association-acl-policy CLIENT-BLACKLIST permit 00-00-00-00-00-00 FF-FF-FF-FF-FF-FF precedence 1000 Add that to the WLAN config via the cli use association-acl-policy CLIENT-BLACKLIST
Userlevel 5
In WiNG you could bar unwanted MAC addresses by going to Configuration >> Wireless >> Association ACL >> Add (to create a new ACL) >> Add row/s to create rules >> Save

Once done you must apply the ACL to the WLAN you'd like to use it on by going to Configuration >> Wireless >> Select the WLAN you want to apply it to >> Firewall >> Association ACL >> Select the ACL you created earlier >> OK >> Commit and Save.
Hi Thank you I tried this with 30 odd addresses but it killed the WiFi I had 00-00-00-00-00-00 FF-FF-FF-FF-FF-FF precedence 1000 Allow and the others were precenence 1-33
Userlevel 4
Jamiea wrote:

Hi Thank you I tried this with 30 odd addresses but it killed the WiFi I had 00-00-00-00-00-00 FF-FF-FF-FF-FF-FF precedence 1000 Allow and the others were precenence 1-33

When you say it killed the wifi, please explain what happens .....
Userlevel 4
what does your association ACL look like? can you paste a copy for review? does your association acl look something like this... association-acl-policy CLIENT-BLACKLIST deny 78-0C-B8-F6-D3-9E 78-0C-B8-F6-D3-9E precedence 1 deny 1C-1D-86-70-0D-7E 1C-1D-86-70-0D-7E precedence 2 deny 28-C6-8E-10-79-12 28-C6-8E-10-79-12 precedence 3 permit 00-00-00-00-00-00 FF-FF-FF-FF-FF-FF precedence 1000 !
Userlevel 5
For the "Allow All" rule please try using the following Starting and Ending MAC addresses: 00-00-00-00-01:FF-FF-FF-FF-FE
http://oi63.tinypic.com/33ws1s1.jpg

Reply