This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to block a single MAC Address

How to block a single MAC Address

Go to solution
systemscsn
Valued Contributor

‎10-28-2020 02:46 PM

Hi,

I work in a school that has Pre-K all the way through to 12th grade.

 

We have been experiencing issues, where people will get bumped off the wifi, or they will connect but not get an IP address.  Also, the normally green cloud next to the AP, goes red.  I jump into the firewall and connection diagnostic, and see a computer that is sending and receiving a massive amount of data.  

I believe this may be deliberate, and to test this theory, I want to block their MAC Address within ExtremeIQ, and see if the issue clears up.  Can someone tell me how to do that within the ExtremeIQ interface? please?

many thanks in advance, J.

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
systemscsn
Valued Contributor

‎11-05-2020 12:43 PM

Hi,

 

I went another route, as I did not want to risk the devices needing a reboot with that configuration change.  So I enabled the Deny Filter within DHCP.  From what i have read about DHCP and Windows Server 2012, its best to only Enable the Deny, as people have run into issue with the DHCP Server Service when enabling both Allow Filter and Deny Filter.

 

If anyone is interested, here is the official Microsoft link:

https://social.technet.microsoft.com/wiki/contents/articles/25665.how-to-enable-and-configure-dhcp-m...

 

As i said though, many comments in many other articles said they had Service issues with both enabled, so be careful.  The article above doesn't mention any issues enabling both. 

 

I thought it easier to enable the Deny list at the DHCP level, although that adds a hop, as the client would connect to the AP, then try to get an IP address, only to be denied.  Hopefully any clients on the Deny Filter do not take up a lot of air time with the Access Point.  So far, ive only added a few devices that seem to either be teaming their Ethernet and their WiFi adapters or bridging those connections (they have an IP for Ethernet and an IP for wifi), and i added their wifi MAC address to the Deny Filter, so they can only get on Ethernet.

 

Thanks,

J

View solution in original post

0 Kudos
6 REPLIES 6

Go to solution
systemscsn
Valued Contributor

‎10-28-2020 03:16 PM

Thanks Sam.  I appreciate the article, I was in the ballpark when looking for that setting.

 

Do I really have to push a full config, and restart all the AP’s!  we have a…. LOT of them, and i obviously cant do that during the day.  

 

Any reason this cant be a delta push? So I don't have to restart all the AP’s?

 

J.

0 Kudos

Go to solution
SamPirok
Community Manager Community Manager
Community Manager

‎10-28-2020 03:10 PM

Hi J, this guide reviews how to create a MAC filter to block certain MAC addresses: https://extremeportal.force.com/ExtrArticleDetail?n=000046577&q=Block%20mac%20address

0 Kudos
GTM-P2G8KFN