Summary:
When a user associates a wireless client device with an AP that the cloud server is managing, the client device is recorded and tracked. If, for any reason, you need to block a client device from accessing the network, you can do so by following the steps below.
A few reasons why you might consider blocking a wireless client device include:
- Network abuse
- Violation of acceptable use policy
- Theft
- Security compromise
Solution:
Follow the steps below to block a wireless client. There are two methods:
- Manually add the client's MAC addresses to the Association ACL.
- Use the Block option available under the Clients tab after the client has associated with the AP.
Method-1:
Manually add the device's MAC addresses to the Association ACL on your Cloud/On-premises server
- Navigate to the Configuration > Association ACL page.
- Click Add to add a MAC under Association ACL.
- If a MAC is not configured under the policy (to allow/deny), the default action will be applied.
- To edit or delete an Association ACL entry, click the respective icon.
- You can import the Association ACL by clicking the Import.csv button and export it using the Export button.
Method-2:
Use the Block option available under the Clients tab after association
- Navigate to Manage, then navigate the Device Tree to the appropriate level for the AP (the AP the client is connected to) > click Clients > Wireless Clients > Actions > Block.
- The client is blocked and shows up under the Association ACL, where you can modify the rule (Access/Deny) accordingly.
Important Note:
- For the APs to consult the Association ACL with either method, the WLAN profiles must have MAC Authentication set to cnMaestro.
- To configure MAC authentication as cnMaestro, go to Shared Settings > WLANs and AP Groups and click the WLAN profile that you want to configure.
- The Association ACL is shared among all Enterprise WLANs, but it must be explicitly mapped to each Enterprise Wireless LAN that uses it (under Configuration > Access Control > MAC Authentication).
How it Functions:
- When a client requests to connect to an AP:
- The AP sends a MAC authentication request, along with the client’s MAC and the Customer ID (CID), to the Controller.
- This step is optional and occurs only if a MAC ACL is configured for the WLAN on the AP and the policy for the MAC ACL is cnMaestro.
- The Controller checks the request and responds with an action to allow or deny it.
- The AP allows or denies the client’s request based on the Controller’s response.
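A small model of the decision flow described above, added here as an example (it is not Cambium's code or API). The class and function names, the keying of the ACL by CID, the "allow" default, and all sample values are assumptions made for illustration.

```python
import re

def normalize_mac(mac):
    """Canonicalise AA-BB-.., aabb.ccdd.eeff or aa:bb:.. to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

class Controller:
    """Controller-side model: Association ACL keyed by (CID, MAC) (assumption)."""
    def __init__(self, default_action="allow", max_entries=10_000):
        self.default_action = default_action  # assumed default; configurable
        self.max_entries = max_entries        # entry limit stated in the article
        self.acl = {}

    def add(self, cid, mac, action):
        if action not in ("allow", "deny"):
            raise ValueError(f"unknown action: {action!r}")
        key = (cid, normalize_mac(mac))
        if key not in self.acl and len(self.acl) >= self.max_entries:
            raise OverflowError("Association ACL is full")
        self.acl[key] = action

    def mac_auth(self, cid, mac):
        # A MAC with no entry gets the default action.
        return self.acl.get((cid, normalize_mac(mac)), self.default_action)

def ap_association(controller, cid, client_mac, wlan_mac_auth_policy):
    """AP side: returns 'allow'/'deny', or None if the ACL was never consulted."""
    if wlan_mac_auth_policy != "cnMaestro":
        return None  # no MAC authentication request is sent to the controller
    return controller.mac_auth(cid, client_mac)

if __name__ == "__main__":
    ctrl = Controller()
    ctrl.add("cid-example", "AA-BB-CC-11-22-33", "deny")  # constructed values
    for mac, policy in [("aa:bb:cc:11:22:33", "cnMaestro"),
                        ("aabb.cc11.2233", "cnMaestro"),
                        ("aa:bb:cc:11:22:34", "cnMaestro"),
                        ("aa:bb:cc:11:22:33", "other-policy")]:
        print(mac, policy, ap_association(ctrl, "cid-example", mac, policy))
```

The last case is the one the Important Note describes: a deny entry exists, but because the WLAN's MAC authentication policy is not cnMaestro, the AP never asks the controller and the entry has no effect.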
Note:
Both the Cloud and On-Premises servers support up to 10,000 MAC entries.