Hi, I need to be able to block a client by their Active Directory Username in HMNG. I have seen that I can block by device MAC address but this is a generic user given out to Students. So the device is not unique. I would like to Deny this Username access to my 802.1X SSID. Thanks
This should always be done at the EAP terminating RADIUS server or at the backing directory rather than at an authenticator (AP or switch).
A strong technical reason why this would be a bad idea is that EAP outer identities can often be anonymous or spoof another user. An authenticator (AP or switch) has no way of knowing if this has occurred or not.