We have a student device that is in our block policy and also block in AD from getting a DHCP IP address. We have also blocked the VPNs the student wants to use. However, this device is still causing issues. When he attempts to connect to our wireless he will take the AP down. He took down two this morning.
Not sure if there is anything we can do other than banning the device from school porperty.
I would open a support case. A client connecting to an AP definitely shouldn't take that AP down.
We did open a support case. Waiting to hear from them was hoping some one had a similar situation and a solution
There's no way he's doing a DDose by sending deauthentication probes or anything like that.
Personally, I think this is foremost an "HR" issue and secondly a technical one. I would probably take a step further than just banning the device. The core issue is the human, so I would be trying to address the human issue directly.
I don't know which country you are in - but in most jurisdictions it is an an offence to deliberately cause disruption to someone else in the public ISM bands (which is what WiFi uses).
You can check this for your country, and warn the student that they are committing an offence, and the school may lay charges against them. I'm guessing the school has a policy for students who break the law in the school grounds?
My personal guess is that @alemabrahao is right, and this is most likely to be a de-auth style attack. There is very little you can do technically about this.
About your only option is to enable 802.11w (management frame protection) - HOWEVER - many IoT style devices and low-end phones have broken 802.11w implementations - and will experience all kinds of issues. Computers generally do support 802.11w.
That's far fetched but someone 'could' be exploiting CVE-2022-33279 which 29.5.1 fixes ,but the odds are very very slim.