04-11-2018 05:42 PM
Solved! Go to Solution.
04-11-2018 08:47 PM
There are a few different options.
You can see the clients that are connected on your HiveManager (If you are using HiveManager Classic you can see this by going to Monitor> Clients> Active Clients. If you are using HiveManager NG, you can see this by going to Monitor> Clients). In Classic, you can deauth clients by checking the box next to the client you want to disconnect> Operations> Deauth Client. However, this will only disconnect them once, nothing is stopping them from reconnecting.
If you want to block a MAC address in particular, you could set up a MAC filter. If you are going to have a lot of MACs to block, we'd recommend setting the MAC filter up through your firewall rather than the APs.
If you are using PPSK, you could set up MAC binding so the credentials only work for a certain number of devices. For example, if you set this to one device per log in, the first device that the student logs in on will lock the PPSK credentials to that MAC address alone. Then if they tried to log in with their PPSK credentials on a second machine, even though the credentials are correct, they will be unable to log in.
If you can give me more information about your set up, I can give you more detailed recommendations. A few things that would be good to know:
Hope that helps.
04-23-2018 05:47 PM
I added a special client group on our network called "jail" that leads into a VLAN without any further access to anything + client isolation.
Devices that are misbehaving are added to this group by mac address, then I wait for the people to show up at the tech desk because "their wlan isn't working" 😉
04-12-2018 03:09 PM
Bocking by MAC address is a multi step process in Aerohive Manager where you create list of MAC addresses and assign them to network policies or SSIDs. Each addition or change requires config upload to APs. Instant option that does not survive config reloads is to CLI into AP and enter commands to block a MAC address. That being said it is lots of manual labor and you should probably look into other means of curbing VPN traffic.
04-11-2018 08:47 PM
There are a few different options.
You can see the clients that are connected on your HiveManager (If you are using HiveManager Classic you can see this by going to Monitor> Clients> Active Clients. If you are using HiveManager NG, you can see this by going to Monitor> Clients). In Classic, you can deauth clients by checking the box next to the client you want to disconnect> Operations> Deauth Client. However, this will only disconnect them once, nothing is stopping them from reconnecting.
If you want to block a MAC address in particular, you could set up a MAC filter. If you are going to have a lot of MACs to block, we'd recommend setting the MAC filter up through your firewall rather than the APs.
If you are using PPSK, you could set up MAC binding so the credentials only work for a certain number of devices. For example, if you set this to one device per log in, the first device that the student logs in on will lock the PPSK credentials to that MAC address alone. Then if they tried to log in with their PPSK credentials on a second machine, even though the credentials are correct, they will be unable to log in.
If you can give me more information about your set up, I can give you more detailed recommendations. A few things that would be good to know:
Hope that helps.