ā11-21-2018 04:29 PM
ā05-13-2019 12:11 PM
Unfortunately we don't have a similar function at the moment, but I can submit this as a feature request for you if you'd like to see if we can add it to a future release?
ā05-10-2019 08:51 AM
Hello,
Do you know if there is an easier way to include a client into whitelist to bypass firewall rules on AP? Having to deal with supplemental CLI and adding sing MAC objects every time is not really feasible from the customer's side. Adding a different MAC to supplemental CLI commands every time a specific client connects would be solution as well, MAC range does not seem to be the right option.
A button appearing on client list near by the client name as "Add to whitelist" would be a perfect solution. One of our competitors meets this requirement.
Bests,
YĆ¼cel
ā11-21-2018 04:47 PM
The following is an excerpt from this page, but I wanted to separate out the part that answers your question: http://docs.aerohive.com/330000/docs/help/english/ng/Content/gui/configuration/configuring-supplemental-cli.htm
To configure MAC Address Bypass, which is also referred to as a captive web portal whitelist, there are three tasks to perform:
Define the MAC Address Object
The following is the CLI command syntax to create a MAC whitelist object with a single MAC address or a range of addresses:
mac-object <string> mac-range <mac_addr> - <mac_addr>
To create a single MAC whitelist object containing a single MAC address, enter the following:
mac-object MyMacObject1 mac-range 1111:2222:3333 - 1111:2222:3333
To create a single MAC whitelist object containing a range of MAC addresses, enter the following:
mac-object MyMacObject2 mac-range aaaa:bbbb:cccc - aaaa:bbbb:dddd
Enable MAC Address Bypass for Specific Security Objects
The following is the CLI command syntax to enable this feature for a specific security object:
security-object <string> security mac-white-list bypass-cwp
For example, to specify an SSID, enter:
security-object vendor security mac-white-list bypass-cwp
Pair MAC and Security Objects
Once this feature is enabled, you must pair the bypass-cwp security object to the MAC object that contains the specific MAC addresses that can bypass the captive web portal.
The CLI command syntax to create a MAC object is:
security-object <string> security mac-white-list mac-object <string>
For example:
security-object vendor security mac-white-list mac-object MyMacObject1
Each security-object can have up to eight different MAC objects associated to a specific mac-white-list.
For example, to bind the vendor SSID eight MAC objects, enter the following:
# security-object vendor security mac-white-list mac-object MyMacObject1
# security-object vendor security mac-white-list mac-object MyMacObject2
# security-object vendor security mac-white-list mac-object MyMacObject3
# security-object vendor security mac-white-list mac-object MyMacObject4
# security-object vendor security mac-white-list mac-object MyMacObject5
# security-object vendor security mac-white-list mac-object MyMacObject6
# security-object vendor security mac-white-list mac-object MyMacObject7
# security-object vendor security mac-white-list mac-object MyMacObject8
You can add up to eight different MAC objects to a single mac-white-list. If you attempt to add more than eight objects, the following error message appears:
# security-object vendor security mac-white-list mac-object MyMacObject9
can't bind mac-object to mac-white-list exceeding 8 members!
View Paired Objects
The following is the CLI command syntax to see all of the paired MAC objects for a specific security object:
show security-object <string> security mac-white-list
For example, assuming the object above exists, you can enter the following to view them:
show security-object test-ssid security mac-white-list