Is there a easier way to black list clients.

  • 2
  • Question
  • Updated 5 years ago
  • Answered
I'm new to using Aerohive/HiveMnager, so every time when we change our Pass Phrase students always find a way to retrieve the pass phrase from other devices we put personally put on. So we get a lot of students getting on our wireless without our permission.
Is there a easier way to black list 50 devices all at once?
Photo of Dickson Hoshnic

Dickson Hoshnic

  • 1 Post
  • 0 Reply Likes

Posted 5 years ago

  • 2
Photo of Abby S

Abby S, Employee

  • 94 Posts
  • 47 Reply Likes
hi Dickson,

This seems like a perfect use case for our unique Private Pre-Shared Key feature. Not only can you issue a unique key to each device or user you want to connect, but you can also bind that key to a specific MAC address so it cannot be used for another device. The configuration information for this is contained within the HiveManager Help, or if you give it a try and get stuck please feel free to reach out to us here on the community.
http://www.aerohive.com/solutions/tec...
Photo of Chris B

Chris B, Official Rep

  • 93 Posts
  • 10 Reply Likes
Hi Dickson

PPSK would be a good option here, however if you keep a single PSK configured for your SSID you can blacklist clients by creating a mac filter denying the specific mac addresses, and then apply it to your SSID.

Chris
Photo of Eric

Eric

  • 15 Posts
  • 1 Reply Like
Can someone make a tutorial on how to do the mac filter deny? I have tried numerous types of equipment and cannot get our APs to deny connectivity.

Any help will be greatly appreciated.
Photo of Amanda

Amanda

  • 396 Posts
  • 25 Reply Likes
This is a great conversation that's separate from the main topic, so I created a new topic to continue the discussion. Please reference the new topic here: How do I do the mac filter deny?
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
As advised in the newly created thread MAC filtering is not a valid security feature as it can be easily nullified.

I had a similar issue to you at a school and configured the following:

* A student SSID with Private PSK authentication. The number of concurrent connections per Private PSK should be set to one.
* A Private PSK server was configured for the student SSID.

Students brought their wireless devices to the IT team who created a unique student Private PSK for each student. The IT team made the initial connection to the student SSID that binds the device to the Private PSK.

It is not a perfect solution but it does get around a number of issues, particularly with iPads.