This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

MAC ACL on Extreme Cloud IQ

MAC ACL on Extreme Cloud IQ

Go to solution
Matheus_Santana
New Contributor III

‎03-22-2023 05:22 AM

Is there any way to create an ACL policy similar to WiNG in Extreme Cloud IQ?

In WiNG I can associate an ACL policy to the SSIDs, blocking or releasing access to devices via MAC, for example, I would like to create the same policy for my SSIDs on devices connected to Extreme Cloud IQ, but I can't find a way.

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Ash_Finch
Contributor III

‎03-22-2023 05:41 AM

I'm unsure what it looks like on the WiNG side so may not be a direct comparison but there are two ways to block devices connecting via MAC:

1. In the SSID > SSID usage you have a MAC Authentication tab
2. At the bottom of the SSID > additional settings > optional settings > enable MAC-Based filters (in the DoS Prevention Box) > Default action Deny > add MAC-Based filters > add devices to allow onto an SSID.
Only limitation of that is that you'd have to add in the MAC's one by one for each SSID.

 

View solution in original post

0 Kudos
5 REPLIES 5

Go to solution
systemscsn
Valued Contributor

‎03-30-2023 05:53 AM

But what a PITA that is... having to push it to every AP, and not just that but as a full config push which reboots the AP's...  There has to be a better way of doing MAC filtering.  Our old Ruckus had an interface where you could either manually enter the MAC address, or browse/search devices, select the device, and click on block. Done.  The changes rolled out to all the AP's, no reboots required!  How about something like that?

0 Kudos

Go to solution
Ash_Finch
Contributor III
In response to systemscsn

‎03-31-2023 05:13 AM

I haven't done it in a while, but if I recall correctly I only pushed a delta to the APs and it worked. Just tried now and it's part of the running config, so suggests a delta would be ok. I'm not in the office to check whether it blocks me from connecting though to be completely sure!

Otherwise agreed, it's not the simplest of methods to block a device from connecting

0 Kudos

Go to solution
Christopher_Fra
Extreme Employee

‎03-24-2023 01:40 PM

The following is a Knowledgebase article explaining the steps provided by Ash_Finch:

https://extremeportal.force.com/ExtrArticleDetail?an=000057316&q=XIQ%20MAC%20ACL

0 Kudos

Go to solution
Ash_Finch
Contributor III

‎03-22-2023 05:41 AM

I'm unsure what it looks like on the WiNG side so may not be a direct comparison but there are two ways to block devices connecting via MAC:

1. In the SSID > SSID usage you have a MAC Authentication tab
2. At the bottom of the SSID > additional settings > optional settings > enable MAC-Based filters (in the DoS Prevention Box) > Default action Deny > add MAC-Based filters > add devices to allow onto an SSID.
Only limitation of that is that you'd have to add in the MAC's one by one for each SSID.

 

0 Kudos
GTM-P2G8KFN