Header Only - DO NOT REMOVE - Extreme Networks

How do you Bar devices from a Wireless Manager WLAN

J
Hi we broadcast a Guest SSID with a low value passkey, the idea is that most people can use it. However we have some folk who like to abuse this facility. Is there any way to bar users, using the mac address perhaps ?

14 replies

J
Userlevel 4
You can add MAC addresses to a blacklist on the controller by going to AP>Global>Client Management>Whitelist/Blacklist, however i'm not sure if there is a way to apply it to a specific SSID.
Ronald Dvorak
Userlevel 7
It's a global list with up to 768 MACs.

https://gtacknowledge.extremenetworks.com/articles/Q_A/How-many-blacklist-whitelist-mac-addresses-ar...
J
Thank you I am using WM5.5. and cannot find the ap>global> etc
J
Userlevel 4
Which controller and firmware are you using? The setting i was referring to is found directly on the controller webUI, I'm not sure if you can do the same thing via wireless manager.
J
WM3700 3.41
J
Userlevel 4
WM3700 3.41Apologies but I'm not familiar with that product. I also can't seem to find the User Manual for it on the product page. Maybe someone from Extreme can speak to this.
Robert Zarzycki
Rank
Userlevel 6
WM3700 3.41This is a Summit WM3700 Wireless LAN Controller running WiNG firmware.
S
Userlevel 4
try the following... association-acl-policy CLIENT-BLACKLIST permit 00-00-00-00-00-00 FF-FF-FF-FF-FF-FF precedence 1000 Add that to the WLAN config via the cli use association-acl-policy CLIENT-BLACKLIST
C
Rank
Userlevel 6
In WiNG you could bar unwanted MAC addresses by going to Configuration >> Wireless >> Association ACL >> Add (to create a new ACL) >> Add row/s to create rules >> Save

Once done you must apply the ACL to the WLAN you'd like to use it on by going to Configuration >> Wireless >> Select the WLAN you want to apply it to >> Firewall >> Association ACL >> Select the ACL you created earlier >> OK >> Commit and Save.
J
Hi Thank you I tried this with 30 odd addresses but it killed the WiFi I had 00-00-00-00-00-00 FF-FF-FF-FF-FF-FF precedence 1000 Allow and the others were precenence 1-33
S
Userlevel 4
Hi Thank you I tried this with 30 odd addresses but it killed the WiFi I had 00-00-00-00-00-00 FF-FF-FF-FF-FF-FF precedence 1000 Allow and the others were precenence 1-33
When you say it killed the wifi, please explain what happens .....
S
Userlevel 4
what does your association ACL look like? can you paste a copy for review? does your association acl look something like this... association-acl-policy CLIENT-BLACKLIST deny 78-0C-B8-F6-D3-9E 78-0C-B8-F6-D3-9E precedence 1 deny 1C-1D-86-70-0D-7E 1C-1D-86-70-0D-7E precedence 2 deny 28-C6-8E-10-79-12 28-C6-8E-10-79-12 precedence 3 permit 00-00-00-00-00-00 FF-FF-FF-FF-FF-FF precedence 1000 !
C
Rank
Userlevel 6
For the "Allow All" rule please try using the following Starting and Ending MAC addresses: 00-00-00-00-01:FF-FF-FF-FF-FE
J
http://oi63.tinypic.com/33ws1s1.jpg

Reply