New Member

Disabling wireless clients by username

We currently have Prime Infrastructure 1.3 and we are having problems with one user.  I would like to block her by username instead of MAC, but I haven't found a place to do this.  Is there any way to do this?  We don't have ISE or anything else that would help with this yet.  Thank you for your help.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Gold

Talk to us about what mechanism your wireless user authenticates into your network.  Is this an open authentication? 

Unfortunately, WLC cannot block anyone via username.  

7 REPLIES
New Member

It is 802.1x.  It uses Active Directory, but we were trying to keep from disabling their account altogether.  Thank you for your help.

Hall of Fame Super Gold

So basically, you've got someone using someone else's username and constantly hammering the authentication server (by using the wrong password) and locking out the account.  

 

We see this all the time in our network and the best method of stopping this from happening is to track down which WLC is/are the wireless clients (using the wrong password) and temporarily block ALL the MAC addresses.  

 

One of the most insane work-arounds I've heard is to give the legitimate user a new username and shut down the old one.  Again, it's an "easy" fix but it's plain lazy.

New Member

Actually the user gave her password to someone else and it got passed around, so now there are about 800 MAC addresses under her username.  We are in a school district, so anytime kids get a hold of a password they take advantage.  Thank you very much for your help.

Hall of Fame Super Gold

Wow!  I shouldn't be complaining about what our teachers are doing. 

 

So are the wireless clients school property or are they PEDs?

New Member

They are all student phones.  I wish they were school property because we could take it away.

Hall of Fame Super Gold

Ok, they are PED (personal devices).  We'll have to be creative. 

 

Firstly, there's a setting in MS AD that will allow only limited instances of authentication.  Meaning a setting for an individual account where you can only log in to ONE device.  So you enable this for this user alone.  


Next, disable the wireless (temporarily).  Get the teacher to log in (wired network) and once she's logged in to the wired network then you enable the wireless again. 

 

The students using the wrong login credentials will not be able to log in so they'll be forced to use their own (I hope).
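
The situation in this thread, one 802.1X username appearing behind hundreds of client MAC addresses, can be detected from authentication records. The following is an added example, not part of any post above: it counts distinct client MACs per username and lists accounts over a threshold. The four-column log layout, the sample records, and the function names are all constructed for illustration; it assumes the RADIUS Calling-Station-Id attribute carries the client MAC.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample records: timestamp, User-Name, Calling-Station-Id, result.
# This four-column layout is an assumption, not any product's export format.
SAMPLE_LOG = r"""2024-01-15T08:01:10,jsmith,00-11-22-AA-BB-01,Access-Accept
2024-01-15T08:01:15,teacher1,0011.22aa.bb02,Access-Accept
2024-01-15T08:02:40,SCHOOL\teacher1,00:11:22:aa:bb:03,Access-Accept
2024-01-15T08:03:05,teacher1@school.example,00-11-22-AA-BB-04,Access-Accept
2024-01-15T08:03:30,teacher1,00-11-22-AA-BB-05,Access-Accept
2024-01-15T08:04:00,teacher1,00:11:22:AA:BB:02,Access-Accept
2024-01-15T08:04:20,teacher1,00-11-22-AA-BB-06,Access-Reject
"""

def normalize_mac(raw):
    """Reduce any common MAC notation to 12 lowercase hex digits, else None."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw)
    return digits.lower() if len(digits) == 12 else None

def canonical_user(name):
    """Fold DOMAIN\\user and user@realm spellings onto one lowercase key."""
    name = name.strip().lower().rsplit("\\", 1)[-1]
    return name.split("@", 1)[0]

def macs_per_user(log_text, accepted_only=True):
    """Map each username to the set of distinct client MACs it logged in from."""
    seen = defaultdict(set)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # blank or malformed line
        _ts, user, station, result = (field.strip() for field in row)
        if accepted_only and result != "Access-Accept":
            continue
        mac = normalize_mac(station)
        if mac:
            seen[canonical_user(user)].add(mac)
    return seen

def shared_accounts(log_text, max_devices=3):
    """Return {username: sorted MACs} for accounts seen on too many devices."""
    return {user: sorted(macs)
            for user, macs in macs_per_user(log_text).items()
            if len(macs) > max_devices}

if __name__ == "__main__":
    for user, macs in shared_accounts(SAMPLE_LOG).items():
        print(f"{user}: {len(macs)} distinct devices", *macs, sep="\n  ")
```

The same MAC written in different notations, and the same account written with a domain prefix or realm suffix, are counted once each, so the per-user device count is not inflated by formatting differences.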
