Redirecting a list of MAC Addresses

  • 1
  • Question
  • Updated 4 years ago
  • Answered
I am creating a user profile and using the client classification policy to direct known mac addresses to a certain vlan. Mac addresses not in the list, stay on the default vlan.

Is this the best way to accomplish this. I expand the client classification Policy while editing the User profile and add the mac address there. I have a long list of single entries underneath there.

There is no one OUI nor can I use a range. Just wondering if I am skinning the cat the proper way.

Any help would be great.
Photo of kaniajoe

kaniajoe

  • 5 Posts
  • 0 Reply Likes

Posted 4 years ago

  • 1
Photo of Sjoerd de Jong

Sjoerd de Jong, Employee

  • 97 Posts
  • 20 Reply Likes
What's your underlaying goal? Do you want to divide your managed clients (domain computers for example) from the rest of your clients?
Photo of kaniajoe

kaniajoe

  • 5 Posts
  • 0 Reply Likes
That's correct.  We have two SSIDs.  One is for guests.  One is for employees.  If the employee joins their SSID with a corporate managed asset (iPad, Windows, Android, etc.) they get access to the corporate network.  If we have no idea what it is, they get Internet only.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
You are definitely going about this the wrong way as you do not want to be dealing with lists of MAC addresses, which would be both time consuming and very insecure.

What you need to do is apply a user profile to the connection as it is made, typically setting the desired profile against the PSK used to connect or against the user/device when RADIUS authentication occurs.

Could you elaborate how your managed and unmanaged devices are connecting?
Photo of kaniajoe

kaniajoe

  • 5 Posts
  • 0 Reply Likes
Everyone on our CORP vlan authenticates against AD via Radius.  If they are in the MAC list we have, they get on the CORP vlan via client classification policy.  Otherwise they stay on the GUEST vlan.  our GUEST ssid always stays on the GUEST vlan.  Does that help?