How do you block rouge devices?

  • 1
  • Question
  • Updated 11 months ago
I'm looking for a way to block a few rouge devices from joining my network. Currently we use a hosted based certificate system (cloudpath). In short the student's are using the guest access authentication method, to join their personal iPad to the network, and not their school issued iPad. I have serial numbers, and could get MAC addresses. 

Thanks 
Photo of James Watson

James Watson

  • 16 Posts
  • 3 Reply Likes

Posted 2 years ago

  • 1
Photo of Dianne Dunlap

Dianne Dunlap

  • 75 Posts
  • 15 Reply Likes
Mac authentication suggests itself - AFAIK it's difficult to mac-spoof ipads without rooting them.
Photo of James Watson

James Watson

  • 70 Posts
  • 8 Reply Likes
So just make a blacklist of banned MAC addresses? Where would I do that?

Thanks so much. 
Photo of Dianne Dunlap

Dianne Dunlap

  • 75 Posts
  • 15 Reply Likes
Actually it would be more of a whitelist than a blacklist.  You'd need a radius server that supports mac authentication - almost all do.  There is information at:
https://documentation.meraki.com/MR/Encryption_and_Authentication/Creating_an_NPS_Policy_for_MAC-based_Authentication
You could also use Freeradius.  You would list allowed macs then others would be denied.
Photo of Aaron Valente

Aaron Valente

  • 42 Posts
  • 3 Reply Likes
If you know the MAC's you want to ban then the blacklist is definitely less time consuming. In the config settings of your SSID there is a MAC Filter under "optional settings". Just get them in there.
Photo of Rick Barragan

Rick Barragan

  • 12 Posts
  • 2 Reply Likes
what about mac address spoofing?