This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Legacy
- Aerohive Migrated Content
- Is there an easy way to see a device on the networ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Is there an easy way to see a device on the network, and block it? I can do it on my home wifi, surely there is an easy way to block someone from a school setting? I'm tired of these vpn's!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-11-2018 05:42 PM
Is there an easy way to see a device on the network, and block it? I can do it on my home wifi, surely there is an easy way to block someone from a school setting? I'm tired of these vpn's!
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-11-2018 08:47 PM
There are a few different options.
You can see the clients that are connected on your HiveManager (If you are using HiveManager Classic you can see this by going to Monitor> Clients> Active Clients. If you are using HiveManager NG, you can see this by going to Monitor> Clients). In Classic, you can deauth clients by checking the box next to the client you want to disconnect> Operations> Deauth Client. However, this will only disconnect them once, nothing is stopping them from reconnecting.
If you want to block a MAC address in particular, you could set up a MAC filter. If you are going to have a lot of MACs to block, we'd recommend setting the MAC filter up through your firewall rather than the APs.
If you are using PPSK, you could set up MAC binding so the credentials only work for a certain number of devices. For example, if you set this to one device per log in, the first device that the student logs in on will lock the PPSK credentials to that MAC address alone. Then if they tried to log in with their PPSK credentials on a second machine, even though the credentials are correct, they will be unable to log in.
If you can give me more information about your set up, I can give you more detailed recommendations. A few things that would be good to know:
- Are you using HiveManager NG (cloud.aerohive.com) or HiveManager Classic (myhive.aerohive.com)?
- Are you trying to block known users (clients allowed in your network) or unknown users (rouge APs/users)?
- What kind of security are you using for your SSID (Open, PSK, PPSK, or Radius)?
Hope that helps.
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-23-2018 05:47 PM
I added a special client group on our network called "jail" that leads into a VLAN without any further access to anything + client isolation.
Devices that are misbehaving are added to this group by mac address, then I wait for the people to show up at the tech desk because "their wlan isn't working" 😉
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-12-2018 03:09 PM
Bocking by MAC address is a multi step process in Aerohive Manager where you create list of MAC addresses and assign them to network policies or SSIDs. Each addition or change requires config upload to APs. Instant option that does not survive config reloads is to CLI into AP and enter commands to block a MAC address. That being said it is lots of manual labor and you should probably look into other means of curbing VPN traffic.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-11-2018 08:47 PM
There are a few different options.
You can see the clients that are connected on your HiveManager (If you are using HiveManager Classic you can see this by going to Monitor> Clients> Active Clients. If you are using HiveManager NG, you can see this by going to Monitor> Clients). In Classic, you can deauth clients by checking the box next to the client you want to disconnect> Operations> Deauth Client. However, this will only disconnect them once, nothing is stopping them from reconnecting.
If you want to block a MAC address in particular, you could set up a MAC filter. If you are going to have a lot of MACs to block, we'd recommend setting the MAC filter up through your firewall rather than the APs.
If you are using PPSK, you could set up MAC binding so the credentials only work for a certain number of devices. For example, if you set this to one device per log in, the first device that the student logs in on will lock the PPSK credentials to that MAC address alone. Then if they tried to log in with their PPSK credentials on a second machine, even though the credentials are correct, they will be unable to log in.
If you can give me more information about your set up, I can give you more detailed recommendations. A few things that would be good to know:
- Are you using HiveManager NG (cloud.aerohive.com) or HiveManager Classic (myhive.aerohive.com)?
- Are you trying to block known users (clients allowed in your network) or unknown users (rouge APs/users)?
- What kind of security are you using for your SSID (Open, PSK, PPSK, or Radius)?
Hope that helps.
