
BLOCK mobile phones on corporate SSID but ALLOW them on guest SSID


david_fig
New Contributor

We have two (2) wireless networks (SSID) that are on different subnets (192.168.x.x/24 - corporate) and (172.16.x.x/24 - guest). I need to BLOCK all mobile phones from the corporate network (192.168.x.x/24) and only allow them on the guest network (172.16.x.x/24). I haven't found an effective way to do this other than blocking MAC addresses one-by-one. I simply need a policy that does not allow Android or iOS operating systems on the corporate network. Any assistance would be appreciated.

 

 

1 ACCEPTED SOLUTION

samantha_lynn
Esteemed Contributor III

Great, I see you've tagged this as HiveManager (formerly NG), so the instructions that follow would be for that platform.

 

You would want to open the SSID and go down to the user profile section. Check the box next to "Apply a different user profile to various clients and user groups", then add a user profile to the new section you have (the one we want to direct the mobile devices to). Once you've added the new user profile, click on the small plus icon next to Assignment Rules. You can name the rule whatever you'd like, then click on the plus icon and select Client OS type. Next select the OS types you would like to block and save.

 

This will direct the OS types you specified to the secondary user profile, which can be on a dead VLAN to drop the traffic altogether, or have different rules and restrictions applied to it, whatever works for you.

 

Please let me know if I can clarify anything. I'll work on getting a how-to guide made for this process for the HiveManager (formerly NG) platform.


9 REPLIES

david_fig
New Contributor

Sam - your solution worked, even though it worked differently than I expected, or perhaps I implemented it wrong. Mobile users who were typically connected to the CORP wireless network (192.168.x.x) were forced onto the GUEST wireless network (172.16.x.x). What I did not expect was they are on the CORP SSID not the GUEST SSID. Perhaps I need to apply the policy to the GUEST SSID as well. Regardless - they are segmented from the CORP network which was my goal. Thank you kindly!!

 

 

I'll look forward to seeing your HOWTO guide.

 

We can consider this question ANSWERED.

david_fig
New Contributor

Thanks Sam - I did the config pursuant to your response - then push it out to a few test APs tonight - then do some testing in the AM before everyone arrives.

 

Best regards....

david_fig
New Contributor

Thank you Sam. YES - that will work. I have the corp SSID on VLAN 1 and guest SSID on VLAN 99. The guest network is INTERNET ONLY and is routed directly out of our firewall; whereas, our corp SSID has access to the appropriate resources (servers, etc.).

 

Thank you in advance for taking a look at this.

samantha_lynn
Esteemed Contributor III

We can do this using client classification. This would mean that we can send all Androids, iPhones, etc to a specific VLAN (that can be a dead VLAN, or a VLAN attached to a User Profile with significant traffic throttling, etc), based on MAC OS. Does that sound like what you are looking for?
