This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

How reject Android/iOS devices

How reject Android/iOS devices

Mauro_M_
New Contributor

ā€Ž04-21-2020 11:01 AM

Hi all.
I would like to submit a question, my access points are configured with two radio networks: one corporate and one dedicated to mobile devices.
These two radio networks are on different vlan.
Many users uses the corporate network for their own mobiles, so my question is: is it possible to create a rule how reject all Android/iOS devices (by MAC OUI/other) if a device tries to connect to that network? 
If yes, how can I do?

I hope I was clear, if not, don't hesitate to ask.

Thanks for your time
Mauro


My setup is:
- VX9000 controller version 5.9.1.3-007R
- Access points: AP-8432, AP-7632, AP-7522

0 Kudos
9 REPLIES 9

Mauro_M_
New Contributor

ā€Ž04-21-2020 01:35 PM

Thanks Chris for your support, itā€™s very usefull in order to block/allow specific MAC.

Do you know if thereā€™s a better way to block/allow an entire brand (all iphones/ipad) without write by hand every single mac oui?

0 Kudos

Christoph_S
Extreme Employee

ā€Ž04-21-2020 01:03 PM

VERY IMPORTANT:

 

If you created an association ACL, there is an explicit Deny All rule at the end of the ACL (you canā€™t see it but itā€™s there) so it is imperative that you add an allow all rule in your ACL or else all traffic will be denied. 

 

Add this line at end of your ACL after youā€™ve entered all the deny rules:

7311bf0b71694c5d9327678363bc8968_e526bb45-412c-4dbb-b58d-ce4b0a8815c0.png

 

Chris

 

Christoph S.
0 Kudos

Christoph_S
Extreme Employee

ā€Ž04-21-2020 12:54 PM

Hello Mauro,

 

Check step 2 of this article for instructions on mapping the ACL to the WLAN:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-create-an-Association-ACL-using-CLI

From GUI:

Configuration Ā» Wireless Ā» Select the WLAN you want to apply this to Ā» Edit Ā» Firewall Ā» Association ACL Ā» Select the ACL you created from the drop down menu Ā» OK Ā» Commit and Save

 

Thank you,

 

Chris

Christoph S.
0 Kudos

Mauro_M_
New Contributor

ā€Ž04-21-2020 12:38 PM

Thanks for your reply.

Now I configured my device fringer print group, how can I apply this group to a policy who deny these ā€œfingerprintā€ to connect to a specifc SSID?

 

Thanks again

0 Kudos

Alexandr_P
Valued Contributor

ā€Ž04-21-2020 11:26 AM

Hello!
 

You can use device fingerprinting.

https://documentation.extremenetworks.com/WiNG/5.9.7/WCSRG/downloads/WiNG_5.9.7_Controller_System_Re...

From page 864

 

Thank you!

0 Kudos
GTM-P2G8KFN