K

2 Messages

 • 

80 Points

Thu, Oct 7, 2021 6:44 PM

How can I block more than 128 users in zd1200

Good afternoon, my query is the following: in the director zone I can only block 128 users, I work in a school and students should not be able to connect their cell phones to the network, all access lists by L2 or L3 only allow me to create up to 128 mac, is there any way to block more? Thanks in advance

Official Rep

 • 

1.2K Messages

 • 

17K Points

12 d ago

Hi Kelvin,

You can use radius attributes to allow/deny the access.

Within ZD there is no way to go beyond 128 entries to block clients using an ACL.

2 Messages

 • 

80 Points

12 d ago

thanks a lot

162 Messages

 • 

2.9K Points

12 d ago

I'd recommend using a device policy that has deny rules for ios and android.  That approach works for any wlan (open, psk, 802.1x...) regardless of authentication method.  Alternatively, you could define the policy to allow only certain devices (eg, windows laptops and chromebooks) and block everything else. 

(edited)

Official Rep

 • 

1.2K Messages

 • 

17K Points

@david_black_5940365 that is also a good way to block the clients, however, what if teachers/staff also using cell phones and admin wants to allow them?

If that is the case, they have to crated a new dedicated SSID just for staff/teachers. On the student WLAN, we can use the device policy and block android and iOS.

Regards,

Syamantak Omer

Official Rep | Staff TSE | CWNA | CCNA | RASZA | RICXI

Follow me on Linkedin

85 Messages

 • 

1.1K Points

8 d ago

It won't work reliably, since the  "fingerprinting" used by ruckus seems out of date.

there are many other device types like "speakers" that don't fall into any group.

so you cannot allow or block them reliably.

it's always a bad idea to have computers/phones on the same SSID

specifically because i have recently seen Russians, coming in on the mobile phone via other network mappings then using the phones to "leverage" the internal network  by using the phone as a bridge, between networks.

They also use the phone as a way to DDOS the DHCP into using all the leases.

Important Announcement