cancel
Showing results for 
Search instead for 
Did you mean: 

MAC ACL on Extreme Cloud IQ

MAC ACL on Extreme Cloud IQ

Matheus_Santana
New Contributor III

Is there any way to create an ACL policy similar to WiNG in Extreme Cloud IQ?

In WiNG I can associate an ACL policy to the SSIDs, blocking or releasing access to devices via MAC, for example, I would like to create the same policy for my SSIDs on devices connected to Extreme Cloud IQ, but I can't find a way.

1 ACCEPTED SOLUTION

Ash_Finch
Contributor III

I'm unsure what it looks like on the WiNG side so may not be a direct comparison but there are two ways to block devices connecting via MAC:

1. In the SSID > SSID usage you have a MAC Authentication tab
2. At the bottom of the SSID > additional settings > optional settings > enable MAC-Based filters (in the DoS Prevention Box) > Default action Deny > add MAC-Based filters > add devices to allow onto an SSID.
Only limitation of that is that you'd have to add in the MAC's one by one for each SSID.

 

View solution in original post

5 REPLIES 5

systemscsn
Valued Contributor

But what a PITA that is... having to push it to every AP, and not just that but as a full config push which reboots the AP's...  There has to be a better way of doing MAC filtering.  Our old Ruckus had an interface where you could either manually enter the MAC address, or browse/search devices, select the device, and click on block. Done.  The changes rolled out to all the AP's, no reboots required!  How about something like that?

I haven't done it in a while, but if I recall correctly I only pushed a delta to the APs and it worked. Just tried now and it's part of the running config, so suggests a delta would be ok. I'm not in the office to check whether it blocks me from connecting though to be completely sure!

Otherwise agreed, it's not the simplest of methods to block a device from connecting

Christopher_Fra
Extreme Employee

The following is a Knowledgebase article explaining the steps provided by Ash_Finch:

https://extremeportal.force.com/ExtrArticleDetail?an=000057316&q=XIQ%20MAC%20ACL

Ash_Finch
Contributor III

I'm unsure what it looks like on the WiNG side so may not be a direct comparison but there are two ways to block devices connecting via MAC:

1. In the SSID > SSID usage you have a MAC Authentication tab
2. At the bottom of the SSID > additional settings > optional settings > enable MAC-Based filters (in the DoS Prevention Box) > Default action Deny > add MAC-Based filters > add devices to allow onto an SSID.
Only limitation of that is that you'd have to add in the MAC's one by one for each SSID.

 

GTM-P2G8KFN