03-22-2023 05:22 AM
Is there any way to create an ACL policy similar to WiNG in Extreme Cloud IQ?
In WiNG I can associate an ACL policy to the SSIDs, blocking or releasing access to devices via MAC, for example, I would like to create the same policy for my SSIDs on devices connected to Extreme Cloud IQ, but I can't find a way.
Solved! Go to Solution.
03-22-2023 05:41 AM
I'm unsure what it looks like on the WiNG side so may not be a direct comparison but there are two ways to block devices connecting via MAC:
1. In the SSID > SSID usage you have a MAC Authentication tab
2. At the bottom of the SSID > additional settings > optional settings > enable MAC-Based filters (in the DoS Prevention Box) > Default action Deny > add MAC-Based filters > add devices to allow onto an SSID.
Only limitation of that is that you'd have to add in the MAC's one by one for each SSID.
03-30-2023 05:53 AM
But what a PITA that is... having to push it to every AP, and not just that but as a full config push which reboots the AP's... There has to be a better way of doing MAC filtering. Our old Ruckus had an interface where you could either manually enter the MAC address, or browse/search devices, select the device, and click on block. Done. The changes rolled out to all the AP's, no reboots required! How about something like that?
03-31-2023 05:13 AM
I haven't done it in a while, but if I recall correctly I only pushed a delta to the APs and it worked. Just tried now and it's part of the running config, so suggests a delta would be ok. I'm not in the office to check whether it blocks me from connecting though to be completely sure!
Otherwise agreed, it's not the simplest of methods to block a device from connecting
03-24-2023 01:40 PM
The following is a Knowledgebase article explaining the steps provided by Ash_Finch:
https://extremeportal.force.com/ExtrArticleDetail?an=000057316&q=XIQ%20MAC%20ACL
03-22-2023 05:41 AM
I'm unsure what it looks like on the WiNG side so may not be a direct comparison but there are two ways to block devices connecting via MAC:
1. In the SSID > SSID usage you have a MAC Authentication tab
2. At the bottom of the SSID > additional settings > optional settings > enable MAC-Based filters (in the DoS Prevention Box) > Default action Deny > add MAC-Based filters > add devices to allow onto an SSID.
Only limitation of that is that you'd have to add in the MAC's one by one for each SSID.