How to block mac address ?

  • 1
  • Question
  • Updated 4 years ago
  • Answered
Hello everybody,

I'm currently searching how to block mac address.
Some people connect their smartphone to our network. Unfortunately, we don't have enough IP from the DHCP for all smartphone. So I would like to know how can I do it !

thank you in advance !
Photo of deadwing

deadwing

  • 6 Posts
  • 0 Reply Likes

Posted 5 years ago

  • 1
Photo of Chris B

Chris B, Official Rep

  • 93 Posts
  • 10 Reply Likes
Hi Deadwing

To block a specific mac-address or addresses you can use a mac filter, create a list of mac objects you want to block and then assign this to a mac filter, then assign this mac filter to your SSID's.

Chris
Photo of jjohnsonsracing19

jjohnsonsracing19

  • 9 Posts
  • 1 Reply Like
I know this is an old post but is there any detailed documentation on this, I am new to hive manager.
Photo of J. Goodnough

J. Goodnough, Champ

  • 266 Posts
  • 32 Reply Likes
MAC filters can be assigned under Advanced Configuration -> Security Policies -> MAC Filters, and then can be assigned here: 
Photo of J. Goodnough

J. Goodnough, Champ

  • 266 Posts
  • 32 Reply Likes
Blocking via MAC isn't really the best option for class-based blocking, though.
Photo of jjohnsonsracing19

jjohnsonsracing19

  • 9 Posts
  • 1 Reply Like
What would be my best choice for blocking clients that shouldnt be on the network?
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes

To block smartphones I would utilise the client classification functionality within the user profile and drop Android, iOS, Symbian and Windows Phone clients.

To create a user profile that will drop all smartphone users do the following:

1.  Create a schedule (Configuration -> Advanced Configuration -> Schedules) that has a time/date range that can never be met.  In the example below I have used Midnight to one minute past Midnight on New Years Day 2010.


 

2.  Create a user profile (Configuration -> User Profiles) that you can assign the newly created schedule to.  I have also created a VLAN object that points to a non-existent VLAN and assigned it to the user profile.  You will notice that under the "User Profile Availability Schedules" section the "Deny Action for Schedule" is set to "No Association".  This means that any wireless client matched to this user profile outside the date/time range specified in the previously created schedule will not be able to associate.


3. Lastly, in your normal user profile add the following client classification rules.  These rules will move any Windows Phone, iPod/iPhone/iPad, Android, Symbian or BlackBerry clients into the "Deauth_Client" user profile, where they will not be able to associate.



Hopefully that helps.

(Edited)